directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject [kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)
Date Tue, 21 Jun 2005 02:29:30 GMT
Hi Mark,

Please try to maintain nettiquette by using a prefix and a descriptive 
email subject.  That way the proper people can address your concerns 
rapidly.  Also you tacked on your questions to an existing email 
thread.  People may ignore it if its in a thread they are not interested 
in.  Coming out and saying it's regarding the Kerberos server may 
trigger people to respond.

I understand though that your problem was related to configuration.  
Just trying to give pointers on how you can get the best response 
quickest.  Please don't take this personally or as a hazing its just the 
way we do things here - I would recommend this to anyone :-).

Mark Wilcox wrote:

>Is there a Wiki page or URL  (or a simple mail message :)) -- to show
>how to enable the Kerberos service provider? I want to minimic a dual
>KDC setup (this is common in Active Directory implementations in
>higher ed where you have one AD tree for students and another for
>staff). ApacheDS seems to be the simplest approach.
You can turn it on in 0.9 using Kerberos specific properties using 
EnvKeys.ENABLE_KERBEROS set to true or on.  This will start the embedded 
Kerberos server.  Other properties also exist for configuring the KDC.  
These properties are found in the KdcConfiguration.  Perhaps Enrique has 
a wiki page out there on this stuff where these properties documented.

For now look at KdcConfiguration for 0.9.  It extracts properties from 
the environment given to it in the constructor if you look here:

The JNDI provider in the main of apacheds gives these properties to the 
KdcConfiguration and uses that to start the KDC's protocol provider and 
register it with MINA.

>But I can't seem to find any docs on how to actually enable the
>Kerberos service provider.
Sorry about that.  We should have the docs out there soon. 

>I'm using the .9 release of ApacheDS.


View raw message