Subject: Re: When and Why DIGEST-MD5 Authentication Does Not Work?
Author: SteveHB
In response to: When and Why DIGEST-MD5 Authentication Does Not Work?
Posted on: 08/02/2008 06:48:32 PM
Your DIGEST-MD5 type 3 message explicitly indicates "The digest-uri does not match any LDAP SPN's registered for this server."
So, the problem is that, unlike Kerberos protocol, DIGEST-MD5 is *NOT* capable for cross domain/realm authetication. In that sense, the requested digest-uri: ldap/mfadldap.nnnnnn.edu must match your server's SPN, but your server is registered within realm: mfad.mfroot.org.
Let me know if you have any further problem after resetting your server's SPN.
Good Luck,
Steve
>
> On 07/28/2008 02:43:04 PM music3man wrote:
To follow up on my multiple previous posts, I was using my password equal to my plain text password.
I also tried it with a MD5 digest password by running digest.sh from Tomcat in the format of "username:mfad.mfroot.org:password". I then get the error: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
Am I using the correct values for creating the password or is something else wrong? I can authenticate using the simple authentication but not via MD5-DIGEST. Thanks for your help.
References:
