directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karim Hosny <karim.ho...@its.ws>
Subject RE: Adding user to Active Directory with Kerberos binding
Date Thu, 26 Mar 2015 13:30:16 GMT

Let me rephrase my question.

When I use SaslGssApi it means that I use Kerberos for authentication to the LDAP server,
now this authentication process doesn't it use a secure connection or is it done in plain
text? And if it does use secure connection then I shouldn't call the method startTLS() to
create a secure layer right?

-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org] 
Sent: Thursday, March 26, 2015 3:20 PM
To: api@directory.apache.org
Subject: Re: Adding user to Active Directory with Kerberos binding

On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <karim.hosny@its.ws> wrote:

>
>
> Hi Kiran,
>
> I didn't get any errors im just not sure that the proper way to create 
> a secure connection over kerberos authentication is calling the method 
> startTLS.
>
> I tried to call startTLS after successful kerberos authentication and 
> it worked fine, but is the proper way? Should SaslGssApi create the 
> startTLS, I believe kerberos authentication requires creating a secure 
> communication to transfer the tickets, correct?
>
> sorry this is a very vague question, can't explain about how you can 
> use
kerberos here,
you need to do your homework on what you want to achieve and be precise on where you are stuck,
then it is easier to help if we can.

> Karim
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Thursday, March 26, 2015 12:40 PM
> To: api@directory.apache.org
> Subject: Re: Adding user to Active Directory with Kerberos binding
>
> On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <karim.hosny@its.ws> wrote:
>
> > Hi,
> >
> > So I got the certificates working and apache Directory working fine 
> > over secure connection using startTLS and im able to add users, but 
> > I need also to bind using Kerberos and add users but it fails when I 
> > try it, my guess it requires to call startTLS probably, but from 
> > what I understood you either connect using startTLS or saslGssApi correct?
> >
> bind using SaslGssApiRequest , let us know what error you got
>
> >
> > How can I bind using kerberos and be able to perform secure 
> > sensitive operations?
> >
> > Thanks,
> > Karim
> >
> >
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



--
Kiran Ayyagari
http://keydap.com
Mime
View raw message