Can't setup Kerberos by using Apache DS

Question

I am using latest ApacheDS 2.0.0-M21 , for Kerberose login, I followed all steps mentioned in http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html .

I am getting error"javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)" when "Require Pre-Authentication By Encrypted TimeStamp" checked. I am getting error "javax.security.auth.login.LoginException: Checksum Failed" when "Require Pre-Authentication By Encrypted TimeStamp" is unchecked.

I sent a mail to ApacheDS Community mail list, but so far I have not received any response from them.

I am trying setup Kerberos in my Windows7 machine. Please let me know if you need any additional information.

Our requirement is we need a standalone Kerberos setup to test security feature of our product. Please suggest me if you know any other Kerberos setup. I tried with MIT Kerberos, but it is tied to our office domain upon installation, do not find a way to add my own customize domain name.

Answer 1

Firstly, you should check whether you created "ldap" and "krbtgt" entry correctly. Second, when setting password for the user, please select "Plain Text" rather than other hash algorithms. And but password hash interceptor will SSHA hash it by default. I think this could resolve your problem. At least my problem was fixed.

I also tested this recently. It seemed that kerberos server launched by apacheds studio was not stable. I tried to setup mit kerberos server + openldap. After testing, I found this combination is stable. If possible, maybe you could also switch to kerberos+OpenLdap to have a try.