Hi,
I tried applying the steps in
https://cwiki.apache.org/DIRxINTEROP/kerberos-authentication-to-sshd.html to my
ApacheDS and OpenSSH setup. I faced problems with MIT's kinit and chose to use
Heimdal. In order to successfully kinit with Heimdal, I had to set
<spring:property name="encryptionTypes"> to AES128_CTS_HMAC_SHA1_96 only.
In order to do the kinit test with the keytab file, I had to set the
property paEncTimestampRequired to false. Both settings reduce security
but at least the setup seemed to work.
When I try to use ssh with GSSAPI now, the following error appears:
[18:36:44] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Verifying body checksum type 'HMAC_SHA1_96_AES128'.
[18:36:44] ERROR [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - ERR_152 Unexpected exception: Missing argument
java.lang.IllegalArgumentException: Missing argument
    at javax.crypto.spec.SecretKeySpec.<init>(DashoA13*..)
SSH tries several times to get the TGT, but all further requests are
denied with the message "Request is a replay".
Any idea? :-)
Kind regards
Oliver