Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: Negotiation_2.0.3.GA
Component/s: Negotiation
Labels:

Forum Reference:
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/50931bd2-dd22-44f5-86f5-c662da209a74

Description

When using org.jboss.security.negotiation.AdvancedLdapLoginModule chained with SPNEGO/Kerberos against Active Directory, the service principal specified in the TGS-REQ is ldap/foo.com, even though java.naming.provider.url is set to LDAP://dc1.foo.com.

Because of this, the /Secured test in the jboss-negotiation-toolkit will fail to bind to AD/LDAP because the KDC returns an error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.

The correct service principal name that the TGS-REQ should request is LDAP/dc1.foo.com because dc1.foo.com is what was provided in java.naming.provider.url.

Attachments

Activity

People

Assignee:: Darran Lofthouse

Reporter:: John Ruiz (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2011/01/26 4:15 PM

Updated:: 2011/01/27 6:47 AM

Resolved:: 2011/01/27 6:47 AM