Hi, if you have enabled password policy you might try to send krb key/password in clear text (using secure port of course).
We had such a problem with 389-DS and a PHP application. The solution was:
a) make LDAP listen only on the secure port
b) the application sends the clear text password over a secure connection

Regards.

On 14.03.2012 18:48, Rajeswari Ramasamy wrote:
> Hi,
>
> Thanks for the quick reply.
>
> There is no issue with the command line interface. But I am trying to add into
> OpenLDAP using Java code without using any of the KDC commands.
>
> Thanks
> Rajeswari
>
> On Mar 14, 2012, at 9:19 PM, Predrag Zecevic [Unix Systems Administrator]
> wrote:
>
>> Hi,
>>
>> what is wrong with the command line interface?
>>
>> kadmin -p root/admin \
>>   -q "change_password -pw $newPassword [email protected]"
>>
>> P.S. we are using Kerberos 5 1.9 and 389-DS as backend and that works.
>>
>> Regards.
>>
>> On 14.03.2012 11:46, Rajeswari Ramasamy wrote:
>>>
>>> Hi,
>>>
>>>
>>> I am using krb5-1.10.1 with OpenLDAP in the backend. I am able to add
>>> principals using addprinc and authenticate using kinit.
>>> But if I use Apache DS APIs to create a principal in OpenLDAP and
>>> authenticate using kinit, the following error occurs.
>>>
>>> krb5kdc[32478](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) ::1:
>>> LOOKING_UP_CLIENT: [email protected] for krbtgt/[email protected],
>>> unable to decode stored principal key data (ASN.1 identifier doesn't match
>>> expected value)
>>>
>>> To do kinit authentication in Kerberos, how do I encode the krbPrincipalKey
>>> before writing into OpenLDAP using the ApacheDS API? Could anyone help on this
>>> issue?
>>>
>>>
>>> The krb5.conf has the following entry for encryption.
>>>
>>> [libdefaults]
>>> ticket_lifetime = 600
>>> default_realm = EXAMPLE.COM
>>> default_tgs_enctypes = des3-hmac-sha1 des-cbc-md5
>>> dafault_tkt_enctypes = des3-hamc-sha1 des-cbc-md5
>>> allow_weak_crypto = true
>>>
>>>
>>>
>>> Thanks
>>> Rajeswari
>>> ________________________________________________
>>> Kerberos mailing list [email protected]
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>
>> --
>> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
>>
>> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
>> Mobile: +49 174 3109 288, Skype: predrag.zecevic
>> E-mail: [email protected]
>>
>> Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
>> 65812 Bad Soden am Taunus, Germany
>> Company registration: Amtsgericht Königstein (Germany), HRB 7303
>> Managing director: Phil Douglas
>>
>> http://www.2e-systems.com/ - Making your business fly!
>>
>> [***]===---
>> Rarely do people communicate; they just take turns talking.
>>
>

--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: [email protected]

Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
So far we've managed to avoid turning Perl into APL. :-)
-- Larry Wall in <[email protected]>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
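The KDC error quoted in this thread ("ASN.1 identifier doesn't match expected value") is what a decoder reports when the stored krbPrincipalKey bytes are not the DER structure it expects. The following is an added example, not code from any poster in the thread or from the krb5 project: a structural pre-check for a value read back from the directory, assuming the KrbKeySet layout named in the comments. The function names and the constructed sample are hypothetical; the check does not decrypt or validate the keys themselves.

```python
# Added diagnostic sketch: structural check of a krbPrincipalKey value.
# Assumption: the value is a DER-encoded KrbKeySet, laid out as
#   SEQUENCE { [0] major-vno, [1] minor-vno, [2] kvno, [3] mkvno OPTIONAL, [4] keys }

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: low 7 bits = number of length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def check_key_set(blob):
    """Return (ok, reason) for a candidate krbPrincipalKey value."""
    try:
        tag, start, end = read_tlv(blob, 0)
        if tag != 0x30:
            return False, "outer tag 0x%02x is not SEQUENCE (0x30)" % tag
        if end != len(blob):
            return False, "trailing bytes after outer SEQUENCE"
        seen, pos = [], start
        while pos < end:
            tag, _, pos = read_tlv(blob, pos)
            if tag & 0xE0 != 0xA0:        # expect context-specific, constructed tags
                return False, "field tag 0x%02x is not a context tag" % tag
            seen.append(tag & 0x1F)
    except ValueError as exc:
        return False, str(exc)
    if seen != sorted(set(seen)) or not {0, 1, 2, 4} <= set(seen):
        return False, "unexpected field tags %s" % seen
    return True, "KrbKeySet structure with fields %s" % seen

def der(tag, body):                       # builder for the constructed sample (short lengths only)
    return bytes([tag, len(body)]) + body

def sample_key_set(with_mkvno=True):      # constructed sample, not real key data
    nums = [0, 1, 2, 3] if with_mkvno else [0, 1, 2]
    fields = b"".join(der(0xA0 + i, der(0x02, b"\x01")) for i in nums)
    return der(0x30, fields + der(0xA4, der(0x30, b"")))
```

A raw key or a password string written directly into the attribute fails this check at the outer tag or length, which matches the symptom in the KDC log.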
