/** * Do the preatuh. * * @throws org.apache.kerby.kerberos.kerb.KrbException e */ protected void preauth() throws KrbException { KdcReq request = getKdcReq(); PaData preAuthData = request.getPaData(); if (isAnonymous && !isPkinit) { LOG.info("Need PKINIT."); KrbError krbError = makePreAuthenticationError(kdcContext, request, KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, true); throw new KdcRecoverableException(krbError); } if (preAuthData == null || preAuthData.isEmpty()) { LOG.info("The preauth data is empty."); KrbError krbError = makePreAuthenticationError(kdcContext, request, KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false); throw new KdcRecoverableException(krbError); } else { getPreauthHandler().verify(this, preAuthData); } setPreAuthenticated(true); }
/** * Do the preauth. * * @throws org.apache.kerby.kerberos.kerb.KrbException e */ protected void preauth() throws KrbException { KdcReq request = getKdcReq(); if (isAnonymous && !isPkinit) { LOG.info("Need PKINIT."); KrbError krbError = makePreAuthenticationError(kdcContext, request, KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, true); throw new KdcRecoverableException(krbError); } PaData preAuthData = request.getPaData(); if (isPreauthRequired() && (preAuthData == null || preAuthData.isEmpty())) { LOG.info("The preauth data is empty."); KrbError krbError = makePreAuthenticationError(kdcContext, request, KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false); throw new KdcRecoverableException(krbError); } else { getPreauthHandler().verify(this, preAuthData); } setPreAuthenticated(true); }
public void process() throws KrbException { KdcReq kdcReq = kdcRequest.getKdcReq(); KrbFastRequestState state = kdcRequest.getFastRequestState(); fastAsArmor(state, kdcRequest.getArmorKey(), subKey, credential, kdcReq); kdcRequest.setFastRequestState(state); kdcRequest.setOuterRequestBody(KrbCodec.encode(state.getFastOuterRequest().getReqBody())); kdcReq.getPaData().addElement(makeFastEntry(state, kdcReq, kdcRequest.getOuterRequestBody())); }
public void process() throws KrbException { KdcReq kdcReq = kdcRequest.getKdcReq(); KrbFastRequestState state = kdcRequest.getFastRequestState(); fastAsArmor(state, kdcRequest.getArmorKey(), subKey, credential, kdcReq); kdcRequest.setFastRequestState(state); kdcRequest.setOuterRequestBody(KrbCodec.encode(state.getFastOuterRequest().getReqBody())); kdcReq.getPaData().addElement(makeFastEntry(state, kdcReq, kdcRequest.getOuterRequestBody())); }
/** * Process the kdcrequest from client and issue the ticket. * * @throws org.apache.kerby.kerberos.kerb.KrbException e. */ public void process() throws KrbException { checkVersion(); checkTgsEntry(); kdcFindFast(); checkEncryptionType(); if (PreauthHandler.isToken(getKdcReq().getPaData())) { isToken = true; preauth(); checkClient(); checkServer(); } else { if (PreauthHandler.isPkinit(getKdcReq().getPaData())) { isPkinit = true; } checkClient(); checkServer(); preauth(); } checkPolicy(); issueTicket(); makeReply(); }
PaData paData = getKdcReq().getPaData(); if (paData != null) { for (PaDataEntry paEntry : paData.getElements()) {
PaData paData = getKdcReq().getPaData(); if (paData != null) { for (PaDataEntry paEntry : paData.getElements()) {