Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 54552 invoked from network); 29 Nov 2007 21:23:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 Nov 2007 21:23:52 -0000 Received: (qmail 61416 invoked by uid 500); 29 Nov 2007 21:23:39 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 61380 invoked by uid 500); 29 Nov 2007 21:23:39 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 61369 invoked by uid 99); 29 Nov 2007 21:23:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2007 13:23:39 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of enriquer9@gmail.com designates 209.85.146.182 as permitted sender) Received: from [209.85.146.182] (HELO wa-out-1112.google.com) (209.85.146.182) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2007 21:23:20 +0000 Received: by wa-out-1112.google.com with SMTP id m38so2670985waf for ; Thu, 29 Nov 2007 13:23:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=J5M94larL8nffLMN+4VvqiHwYR8hnZeliaGQiOuiY6E=; b=aRHxCo6qMCxtR9v7xERTfLeJeHt2q98nEEqc6GV+ADSNrA3sve7UAGsH9fJ1tmY+BVVGh5oEbXJMgh9XZ0WIEKOhUWWy/fvrWQg5DQsP/xPICJSMh+lioSoV9pGfJqle5YL+OJkyid4BPmEwfmmCvTk565XB3ACErposj65k0G0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=k7S5BZByoneErh2ly7xJUZfGBvTTbDCFYCoinA23dRDY9Eju8jo9WrhlnQNcTS6SQVtQqZqi41SpKmvc4aAfhz5CRz2W8BVyn9xkN7QiahszVceuchHHUxJFr5LDj7AXI7fb8k+ve0Pn2uVO0/KIQru8XALGcKIuLJFEsIAA/Wc= Received: by 10.114.110.1 with SMTP id i1mr183498wac.1196371401648; Thu, 29 Nov 2007 13:23:21 -0800 (PST) Received: by 10.114.240.14 with HTTP; Thu, 29 Nov 2007 13:23:21 -0800 (PST) Message-ID: <568753d90711291323t3ade2676l9cd18301f3bfc343@mail.gmail.com> Date: Thu, 29 Nov 2007 13:23:21 -0800 From: "Enrique Rodriguez" Reply-To: erodriguez@apache.org To: "Apache Directory Developers List" Subject: Re: [kerberos] How to add client/server information into kerberos database In-Reply-To: <473c46620711282329q2aaca9d9n216ef492e2dffa50@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <473c46620711282329q2aaca9d9n216ef492e2dffa50@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org On Nov 28, 2007 11:29 PM, Spark Shen wrote: > I did not find document about how to add client/server information to kdc > server , > would any one give me a hand? Thanks in advance. > ... I think the best doc we currently have is for configuring SASL GSSAPI, since a subset of configuring SASL GSSAPI is configuring Kerberos principals, so the docs are pretty good here: http://directory.apache.org/apacheds/1.5/howto-do-sasl-gssapi-authentication-to-apacheds.html You can skip ahead to steps 12-14, in which you (#12) enable the Kerberos protocol, (#13) enable the Key Derivation interceptor, and then (#14) load an LDIF file. You load principals using standard LDAP means, so you can also use the LDAP protocol. Though, for getting started, an LDIF file is pretty straightforward. In that doc is a link to an LDIF showing how to format an LDIF file: http://directory.apache.org/apacheds/1.5/howto-do-sasl-gssapi-authentication-to-apacheds.data/sasl-gssapi-example.ldif The rest of your config looks OK. Enrique