Need Help on kinit authentication.
Rajeswari Ramasamy
ramasamy at apple.com
Wed Mar 14 06:46:16 EDT 2012
Hi,
I am using krb5-1.10.1 with OpenLDAP in the backend. I am able to add principals using addprinc and authenticate using kinit.
But if I use the Apache DS APIs to create a principal in OpenLDAP and authenticate using kinit, the following error occurs.
krb5kdc[32478](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) ::1: LOOKING_UP_CLIENT: testuser at EXAMPLE.COM for krbtgt/EXAMPLE.COM at EXAMPLE.COM,
unable to decode stored principal key data (ASN.1 identifier doesn't match expected value)
To do kinit authentication in Kerberos, how should I encode the krbPrincipalKey before writing it into OpenLDAP using the ApacheDS API? Could anyone help with this issue?
The krb5.conf has the following entry for encryption.
[libdefaults]
ticket_lifetime = 600
default_realm = EXAMPLE.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-md5
allow_weak_crypto = true
Thanks
Rajeswari
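
The KDC error quoted above says the stored krbPrincipalKey value did not parse as the ASN.1 structure the KDC expects. The following check is an added example, not part of the original post or of MIT krb5 or ApacheDS; it assumes the value should be a DER-encoded KrbKeySet SEQUENCE as described in MIT krb5's LDAP KDB plugin, and the sample byte strings and the names read_tlv, check_keyset, GOOD and OTHER are constructed for illustration.

```python
# Added example, not from the original post. The expected layout is an
# assumption: the KrbKeySet SEQUENCE described in MIT krb5's LDAP KDB plugin.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length at offset %d" % pos)
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer at offset %d" % pos)
    return tag, buf[pos:pos + length], pos + length

# (context tag, field name, expected inner tag, required)
KEYSET_FIELDS = [
    (0xA0, "attribute-major-vno", 0x02, True),
    (0xA1, "attribute-minor-vno", 0x02, True),
    (0xA2, "kvno", 0x02, True),
    (0xA3, "mkvno", 0x02, False),
    (0xA4, "keys", 0x30, True),
]

def check_keyset(blob):
    """Return a list of structural problems; an empty list means the shape fits."""
    try:
        tag, body, end = read_tlv(blob, 0)
        if tag != 0x30 or end != len(blob):
            return ["outer element is not a single SEQUENCE (tag 0x%02x)" % tag]
        problems, pos = [], 0
        for ctx, name, inner, required in KEYSET_FIELDS:
            if pos < len(body) and body[pos] == ctx:
                _, wrapped, pos = read_tlv(body, pos)
                itag = read_tlv(wrapped, 0)[0]
                if itag != inner:
                    problems.append("%s: inner tag 0x%02x, expected 0x%02x" % (name, itag, inner))
            elif required:
                problems.append("%s: missing" % name)
        return problems
    except ValueError as exc:
        return [str(exc)]

# Constructed sample values (not real key material).
GOOD = bytes.fromhex("3018a003020101a103020101a203020101a303020101a4023000")
OTHER = bytes.fromhex("300da003020112a106040400112233")  # EncryptionKey-shaped
```

An empty result only means the outer shape matches the assumed layout; it does not show that the key material inside is usable by the KDC.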