WARNING: Don't use this in a productive environment!
This page shows how to activate and setup the KDC server of ApacheDS 1.5.5 (build from trunk 2009-08-04). This is a very simple setup (host: localhost, realm: EXAMPLE.COM). Need to check the setup for other hosts and realms...
Acivate the keyDerivationInterceptor and the kdcServer. Also set saslHost and saslPrincipal to localhost. Add entries for users not before you have activated those elements, otherwise the krb5Key won't be created!
Here is a complete server.xml: server.xml
Configure debug level logging in log4j.properties:
Restart the server, you should see the following output:
Load the following data into the server, e.g. using Apache Directory Studio: kdc-data.ldif
Note: The activated keyDerivationInterceptor automatically creates the krb5Key attributes:
Make sure kinit is installed.
A minimal /etc/krb5.conf file looks as follows (make sure the port matches!):
Then try to authenticate, password is 'secret':