directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: State of Kerberos in 1.5.4
Date Sun, 07 Jun 2009 16:22:26 GMT
Hi Eirik,

Eirik Bjørsnøs wrote:
> Hi guys,
> I'm currently looking into creating a JUnit integration test of some
> Kerberos/SPNego code in SVNSearch[1].
> I had great success in the past using ApacheDS for the same purpose
> when testing LDAP integration. The Kerberos support is giving me some
> trouble though. The documentation[2] seems to be somewhat lacking and
> out of sync with 1.5.4.
> Anyway, what I've done so far is:
> o Created a unit test that starts ApacheDS with a KdcServer and a
> KeyDerivationInterceptor, pretty much copying
> in 1.5.4
> o Added kdcConfig.setIpPort(8888); kdcConfig.start(); (Seems like I
> need this to make the KDC server start)
> o Configured my Mac to use localhost:8888 as the KDC for EXAMPLE.COM
> o Run kinit hnelson@EXAMPLE.COM form the Terminal
> o Got the error message: "Kerberos Login Failed: Client not found in
> Kerberos database"
> o Enabling debug logging in the Kerberos code I noticed that "Client
> not found in Kerberos database" was actually caused by a
> NotImplementedException thrown at
> DirectoryPrincipalStore.getPrincipal(
> Is the Kerberos server actually not implemented in 1.5.4? Or is there
> something wrong in the SaslGssapiBindITest setup code?
> What are my alternatives? Use an earlier version of ApacheDS or wait
> for the next release?

The bad news: the current Kerberos implementation is in a bad shape.

The good news: Christine fixed some unit tests in the current trunk. So
I would suggest to checkout the trunk from [1].

Kind Regards,


View raw message