Re: When and Why DIGEST-MD5 Authentication Does Not Work?

Subject: Re: When and Why DIGEST-MD5 Authentication Does Not Work?
Author: music3man
In response to: When and Why DIGEST-MD5 Authentication Does Not Work?
Posted on: 07/28/2008 02:27:48 PM

Sorry for the multiple posts. The submission results page was giving me a null pointer error. 8-(

>
> On 07/28/2008 02:26:03 PM music3man wrote:

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://mfadldap.nnnnnn.edu:389/");
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put("com.sun.jndi.ldap.trace.ber", System.err); //debug trace

-> mfadldap.nnnnnn.edu:389

0000: 30 18 02 01 01 60 13 02 01 03 04 00 A3 0C 04 0A 0....`..........
0010: 44 49 47 45 53 54 2D 4D 44 35 DIGEST-MD5

<- mfadldap.nnnnnn.edu:389

0000: 30 84 00 00 00 E7 02 01 01 61 84 00 00 00 DE 0A 0........a......
0010: 01 0E 04 00 04 00 87 82 00 D3 71 6F 70 3D 22 61 ..........qop="a
0020: 75 74 68 2C 61 75 74 68 2D 69 6E 74 2C 61 75 74 uth,auth-int,aut
0030: 68 2D 63 6F 6E 66 22 2C 63 69 70 68 65 72 3D 22 h-conf",cipher="
0040: 33 64 65 73 2C 64 65 73 2C 72 63 34 2D 34 30 2C 3des,des,rc4-40,
0050: 72 63 34 2C 72 63 34 2D 35 36 22 2C 61 6C 67 6F rc4,rc4-56",algo
0060: 72 69 74 68 6D 3D 6D 64 35 2D 73 65 73 73 2C 6E rithm=md5-sess,n
0070: 6F 6E 63 65 3D 22 32 35 63 32 63 66 62 32 64 65 once="25c2cfb2de
0080: 66 30 63 38 30 31 37 31 63 30 66 39 33 63 64 32 f0c80171c0f93cd2
0090: 38 37 39 39 35 36 36 66 30 66 62 37 36 36 65 62 8799566f0fb766eb
00A0: 34 35 36 61 33 63 33 35 38 33 34 61 39 35 33 66 456a3c35834a953f
00B0: 61 33 34 35 31 39 31 37 37 39 35 63 61 30 63 35 a3451917795ca0c5
00C0: 37 33 61 38 66 34 22 2C 63 68 61 72 73 65 74 3D 73a8f4",charset=
00D0: 75 74 66 2D 38 2C 72 65 61 6C 6D 3D 22 6D 66 61 utf-8,realm="mfa
00E0: 64 2E 6D 66 72 6F 6F 74 2E 6F 72 67 22 d.mfroot.org"

-> mfadldap.nnnnnn.edu:389

0000: 30 82 01 53 02 01 02 60 82 01 4C 02 01 03 04 00 0..S...`..L.....
0010: A3 82 01 43 04 0A 44 49 47 45 53 54 2D 4D 44 35 ...C..DIGEST-MD5
0020: 04 82 01 33 63 68 61 72 73 65 74 3D 75 74 66 2D ...3charset=utf-
0030: 38 2C 75 73 65 72 6E 61 6D 65 3D 22 6D 30 35 35 8,username="m055
0040: 33 35 32 22 2C 72 65 61 6C 6D 3D 22 6D 66 61 64 352",realm="mfad
0050: 2E 6D 66 72 6F 6F 74 2E 6F 72 67 22 2C 6E 6F 6E .mfroot.org",non
0060: 63 65 3D 22 32 35 63 32 63 66 62 32 64 65 66 30 ce="25c2cfb2def0
0070: 63 38 30 31 37 31 63 30 66 39 33 63 64 32 38 37 c80171c0f93cd287
0080: 39 39 35 36 36 66 30 66 62 37 36 36 65 62 34 35 99566f0fb766eb45
0090: 36 61 33 63 33 35 38 33 34 61 39 35 33 66 61 33 6a3c35834a953fa3
00A0: 34 35 31 39 31 37 37 39 35 63 61 30 63 35 37 33 451917795ca0c573
00B0: 61 38 66 34 22 2C 6E 63 3D 30 30 30 30 30 30 30 a8f4",nc=0000000
00C0: 31 2C 63 6E 6F 6E 63 65 3D 22 78 4E 50 61 41 4C 1,cnonce="xNPaAL
00D0: 57 7A 69 33 5A 4F 30 76 78 70 62 47 64 5A 63 67 Wzi3ZO0vxpbGdZcg
00E0: 38 6F 63 31 68 70 2F 47 70 2B 65 6D 30 77 67 59 8oc1hp/Gp+em0wgY
00F0: 32 73 22 2C 64 69 67 65 73 74 2D 75 72 69 3D 22 2s",digest-uri="
0100: 6C 64 61 70 2F 6D 66 61 64 6C 64 61 70 2E 6D 61 ldap/mfadldap.nnn
0110: 79 6F 2E 65 64 75 22 2C 6D 61 78 62 75 66 3D 36 nnn.edu",maxbuf=6
0120: 35 35 33 36 2C 72 65 73 70 6F 6E 73 65 3D 38 32 5536,response=82
0130: 30 33 33 62 35 64 35 61 37 66 62 38 37 39 33 31 033b5d5a7fb87931
0140: 32 39 64 64 63 37 62 35 38 63 64 33 62 63 2C 71 29ddc7b58cd3bc,q
0150: 6F 70 3D 61 75 74 68 op=auth

<- mfadldap.nnnnnn.edu:389

0000: 30 84 00 00 00 BE 02 01 02 61 84 00 00 00 B5 0A 0........a......
0010: 01 31 04 00 04 82 00 82 38 30 30 39 30 33 30 33 .1......80090303
0020: 3A 20 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D : LdapErr: DSID-
0030: 30 43 30 39 30 34 32 30 2C 20 63 6F 6D 6D 65 6E 0C090420, commen
0040: 74 3A 20 54 68 65 20 64 69 67 65 73 74 2D 75 72 t: The digest-ur
0050: 69 20 64 6F 65 73 20 6E 6F 74 20 6D 61 74 63 68 i does not match
0060: 20 61 6E 79 20 4C 44 41 50 20 53 50 4E 27 73 20 any LDAP SPN's
0070: 72 65 67 69 73 74 65 72 65 64 20 66 6F 72 20 74 registered for t
0080: 68 69 73 20 73 65 72 76 65 72 2E 2C 20 64 61 74 his server., dat
0090: 61 20 30 2C 20 76 65 63 65 00 87 28 72 73 70 61 a 0, vece..(rspa
00A0: 75 74 68 3D 61 36 36 38 39 64 30 34 64 31 31 34 uth=a6689d04d114
00B0: 38 38 36 31 33 62 66 38 39 33 31 32 33 63 32 36 88613bf893123c26
00C0: 36 64 35 33 6d53

References:

Next Post: Re: When and Why DIGEST-MD5 Authentication Does Not Work? music3man 07/28/2008 02:43:04 PM
Previous Post: Re: When and Why DIGEST-MD5 Authentication Does Not Work? music3man 07/28/2008 02:26:03 PM
Next Topic: Installing and Configuring DSML Services for Windows SteveHB 07/19/2006 02:39:14 PM
Previous Topic: DIGEST-MD5 -- Digest Authentication as a SASL Mechanism SteveHB 06/13/2006 01:08:03 PM
Index: by Date
Index: by Topic