Hello,
i'm trying to set up ApachDS Server with Kerberos and Kpasswd service. I
reproduced the documented "EXAMPLE.COM" realm and everything worked fine. But
when I change the realm to another, kinit works fine. But when I try to use
kpasswd, I get the error: The ticket isn't for us
I'm using ApacheDS 1.5.7
[23:30:27] DEBUG
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
/10.200.100.138:49348 CREATED: datagram[23:30:27] DEBUG
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
/10.200.100.138:49348 OPENED[23:30:27] DEBUG
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
/10.200.100.138:49348 RCVD:
org.apache.directory.server.changepw.messages.changepasswordrequ...@987197[23:30:27]
DEBUG [org.apache.directory.server.changepw.service.ChangePasswordService] -
Responding to change password request: versionNumber 1[23:30:27] WARN
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
The ticket isn't for
usorg.apache.directory.server.kerberos.shared.exceptions.KerberosException: The
ticket isn't for us at
org.apache.directory.server.changepw.service.ChangePasswordService.verifyServiceTicket(ChangePasswordService.java:192)
at
org.apache.directory.server.changepw.service.ChangePasswordService.execute(ChangePasswordService.java:85)
at
org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler.messageReceived(ChangePasswordProtocolHandler.java:139)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
Source) at java.lang.Thread.run(Unknown Source)[23:30:27] DEBUG
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
/10.200.100.138:49348 SENT:
org.apache.directory.server.changepw.messages.changepassworder...@497904[23:31:21]
DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
- /10.200.100.138:49344 CLOSED[23:31:27] DEBUG
[org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] -
/10.200.100.138:49348 CLOSED[23:31:27] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
/10.200.100.138:49347 CLOSED
Has anybody an idea what's going wrong there?
Best regards,
Tom
