I'm trying to follow the guide for setting up Kerberos [1] and while I am able to verify the credentials using ApacheDS, I am unable to validate my credentials with kinit or k5start. I get the following error log from ApacheDS when running k5start (kinit does not send the correct encryption types) with the exact krb5.conf. I am running Ubuntu 11.10 32-bit. Any ideas what I can do to fix this issue?

[18:00:49] INFO [org.apache.directory.server.Service] - Cannot find any reference to the HTTP Server in the server.xml file : the server won't be started
[18:00:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:57312 CREATED: datagram
[18:00:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:57312 OPENED
[18:00:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:57312 RCVD: org.apache.directory.server.kerberos.shared.messages.KdcRequest@1cee792
[18:00:58] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
    messageType: AS_REQ
    protocolVersionNumber: 5
    clientAddress: 127.0.0.1
    nonce: 288257937
    kdcOptions: FORWARDABLE RENEWABLE_OK
    clientPrincipal: [email protected]
    serverPrincipal: krbtgt/[email protected]
    encryptionType: des3-cbc-sha1-kd (16), des-cbc-crc (1), des-cbc-md5 (3)
    realm: EXAMPLE.COM
    from time: 20120331230058Z
    till time: 20120401090058Z
    renew-till time: null
    hostAddresses: null
[18:00:58] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
[18:00:58] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    sn: Nelson
    krb5PrincipalName: [email protected]
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x87 0x8D 0x80 0x14 0x60 ...'
    krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xF4 0xA7 0x13 0x64 0x8A ...'
    krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x57 0x07 0xCE 0x29 0x52 ...'
    krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0xAD 0x21 0x4B 0x38 0xB6 ...'
    krb5KeyVersionNumber: 0
    cn: Horatio Nelson
 for kerberos principal name [email protected]
[18:00:58] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
[18:00:58] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
[18:00:58] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
[18:00:58] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - KDC has no support for padata type (16)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: KDC has no support for padata type
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:301)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
[18:00:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    explanatory text: KDC has no support for padata type
    error code: 16
    clientPrincipal: null
    client time: null
    serverPrincipal: krbtgt/[email protected]
    server time: 20120331230058Z
[18:00:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:57312 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@12c4768
[18:01:58] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:57312 CLOSED

[1] http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html

Thanks,
