directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Adding user to Active Directory with Kerberos binding
Date Thu, 26 Mar 2015 13:35:34 GMT
On Thu, Mar 26, 2015 at 9:30 PM, Karim Hosny <karim.hosny@its.ws> wrote:

>
> Let me rephrase my question.
>
> When I use SaslGssApi it means that I use Kerberos for authentication to
> the LDAP server, now this authentication process doesn't it use a secure
> connection or is it done in plain text? And if it does use secure
> connection then I shouldn't call the method startTLS() to create a secure
> layer right?
>
> it is performed on an insecured connection, and kerberos doesn't need a
secure connection

> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Thursday, March 26, 2015 3:20 PM
> To: api@directory.apache.org
> Subject: Re: Adding user to Active Directory with Kerberos binding
>
> On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <karim.hosny@its.ws> wrote:
>
> >
> >
> > Hi Kiran,
> >
> > I didn't get any errors im just not sure that the proper way to create
> > a secure connection over kerberos authentication is calling the method
> > startTLS.
> >
> > I tried to call startTLS after successful kerberos authentication and
> > it worked fine, but is the proper way? Should SaslGssApi create the
> > startTLS, I believe kerberos authentication requires creating a secure
> > communication to transfer the tickets, correct?
> >
> > sorry this is a very vague question, can't explain about how you can
> > use
> kerberos here,
> you need to do your homework on what you want to achieve and be precise on
> where you are stuck, then it is easier to help if we can.
>
> > Karim
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Thursday, March 26, 2015 12:40 PM
> > To: api@directory.apache.org
> > Subject: Re: Adding user to Active Directory with Kerberos binding
> >
> > On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <karim.hosny@its.ws> wrote:
> >
> > > Hi,
> > >
> > > So I got the certificates working and apache Directory working fine
> > > over secure connection using startTLS and im able to add users, but
> > > I need also to bind using Kerberos and add users but it fails when I
> > > try it, my guess it requires to call startTLS probably, but from
> > > what I understood you either connect using startTLS or saslGssApi
> correct?
> > >
> > bind using SaslGssApiRequest , let us know what error you got
> >
> > >
> > > How can I bind using kerberos and be able to perform secure
> > > sensitive operations?
> > >
> > > Thanks,
> > > Karim
> > >
> > >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message