convert cleartext password to principal key

Rachit Raj raj.rachit at
Mon Jan 27 07:10:55 EST 2014


I am working on a Java code to integrate user's password in corporate LDAP
with kerberos principal key. This code would ensure that whenever user
change their LDAP password then their kerberos key would be updated
automatically. Basically they would be having only one password for both
LDAP and kerberos authentication. I am using Java's kerberos package to
generate kerberos principal key. But when I saved this key to
krbprincipalkey attribute in LDAP then kinit failed with error
*"kinit(v5): Generic error (see e-text) while getting initial credentials".*

The error reported in syslog is
*krb5kdc[13914]: AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) <>: LOOKING_UP_CLIENT:
testuser at TESTING.COM <testuser at TESTING.COM> for
krbtgt/TESTING.COM at TESTING.COM <TESTING.COM at TESTING.COM>, unable to decode
stored principal key data (ASN.1 identifier doesn't match expected value)*

Can someone please tell me where i am going wrong with the code and what
should be done to fix this?
Below you can find a sample code where cleartext password is converted to


public class TestKerberos {

        public static void main(String args[]) throws Exception{
                KerberosPrincipal kp = new KerberosPrincipal("TestUser");
                char[] pwd = {'p','a','s','s','w','o','r','
                KerberosKey kk = new KerberosKey(kp, pwd,"AES128");


Hoping for a reply. Thanks in advance.


More information about the krbdev mailing list