Hi Tom, sorry for the late answer.
Did you configure the primaryRealm and servicePrincipal properties of the changePasswordServer? The syntax of the server.xml is described in an XML schema [2], a human-readable form is provided at [1]. HTH, Stefan [1] http://repo1.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.7/apacheds-xbean-spring-1.5.7-schema.html [2] http://repo1.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.7/apacheds-xbean-spring-1.5.7.xsd On Thu, Sep 23, 2010 at 11:32 PM, Tom Taylor <[email protected]> wrote: > > Hello, > i'm trying to set up ApachDS Server with Kerberos and Kpasswd service. I > reproduced the documented "EXAMPLE.COM" realm and everything worked fine. But > when I change the realm to another, kinit works fine. But when I try to use > kpasswd, I get the error: The ticket isn't for us > I'm using ApacheDS 1.5.7 > [23:30:27] DEBUG > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - /10.200.100.138:49348 CREATED: datagram[23:30:27] DEBUG > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - /10.200.100.138:49348 OPENED[23:30:27] DEBUG > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - /10.200.100.138:49348 RCVD: > org.apache.directory.server.changepw.messages.changepasswordrequ...@987197[23:30:27] > DEBUG [org.apache.directory.server.changepw.service.ChangePasswordService] - > Responding to change password request: versionNumber 1[23:30:27] > WARN > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - The ticket isn't for > usorg.apache.directory.server.kerberos.shared.exceptions.KerberosException: > The ticket isn't for us at > org.apache.directory.server.changepw.service.ChangePasswordService.verifyServiceTicket(ChangePasswordService.java:192) > at > org.apache.directory.server.changepw.service.ChangePasswordService.execute(ChangePasswordService.java:85) > at > org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler.messageReceived(ChangePasswordProtocolHandler.java:139) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) > at > org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) > at > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) > at > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56) > at > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown > Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown > Source) at java.lang.Thread.run(Unknown Source)[23:30:27] DEBUG > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - /10.200.100.138:49348 SENT: > org.apache.directory.server.changepw.messages.changepassworder...@497904[23:31:21] > DEBUG > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - > /10.200.100.138:49344 CLOSED[23:31:27] DEBUG > [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] > - /10.200.100.138:49348 CLOSED[23:31:27] DEBUG > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - > /10.200.100.138:49347 CLOSED > > Has anybody an idea what's going wrong there? > Best regards, > Tom > >
