Hello, I'm trying to perform a test using ldap and kerberos server. For that I am installing all the necessary bundles in Karaf and I confirmed that the servers are running and I am able to connect using ApacheDs studio.
I'm trying to test the kerberos authentication using the following example described in your site: http://directory.apache.org/apacheds/kerberos-ug/4.2- authenticate-studio.html Everything seems fine but when I try to authenticate using the user hnelson I got the following error: Exception: krb_error 31 Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed Integrity check on decrypted field failed KrbException: Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed After looking in the kerberos server logs I could see the error: KERBEROS_LOG | 196 - org.apache.directory.server.interceptor.kerberos - *2.0.0.M24* |* No timestamp found* In order to overcome that, I set PaEncTimestampRequired to false. Now I'm having an error I can't get rid of it (whether using apacheds studio to connect or even kinit): C:\Program Files\Java\jdk1.8.0_144\bin>kinit [email protected] Password for [email protected]: Exception: krb_error 0 Checksum failed No error *KrbException: Checksum failed* at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt( Aes128CtsHmacSha1EType.java:102) at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt( Aes128CtsHmacSha1EType.java:94) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175) at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149) at sun.security.krb5.KrbAsRep.decryptUsingPassword(KrbAsRep. java:139) at sun.security.krb5.KrbAsReqBuilder.resolve( KrbAsReqBuilder.java:287) at sun.security.krb5.KrbAsReqBuilder.action( KrbAsReqBuilder.java:361) at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219) at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113) Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.AesDkCrypto. decryptCTS(AesDkCrypto.java:451) at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt( AesDkCrypto.java:272) at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:76) at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt( Aes128CtsHmacSha1EType.java:100) ... 8 more I am using windows 10 and jdk1.8.0_144. I have local_policy and US_export_policy jars in the security folder as described in some sites. I'm using plain text passwords in the entries created in Ldap, as described in some other sites. I don't know what else can I do. This is my krb5 config file [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = localhost:60088 } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM Can you please provide some help? Thank you.
