Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 95769 invoked from network); 7 Jun 2009 11:49:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 7 Jun 2009 11:49:47 -0000 Received: (qmail 79239 invoked by uid 500); 7 Jun 2009 11:49:59 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 79143 invoked by uid 500); 7 Jun 2009 11:49:59 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 79135 invoked by uid 99); 7 Jun 2009 11:49:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Jun 2009 11:49:59 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of eirbjo@gmail.com designates 72.14.220.157 as permitted sender) Received: from [72.14.220.157] (HELO fg-out-1718.google.com) (72.14.220.157) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Jun 2009 11:49:49 +0000 Received: by fg-out-1718.google.com with SMTP id l27so636672fgb.3 for ; Sun, 07 Jun 2009 04:49:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=NiPm2osPl2nK71jcfZW+foVop4z4RlYspjO4fd44as4=; b=Cilp5Qnkiokr01IeWQAOVTlNL/SyiqdKU5jB5JjYdjyowM5tA3+n6DbXx2LbG0OfQt 3AyP3VaENl3dQ8bn23qtQuW+yNWTyRBbeiYEBu2Qcr758U0qTK642BzskRgRiRR274Jw wNs7D+cZLG9C3rroy+jD89JgZ+9SQ09rf1pE0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=KMC0hFEjAKVXKtxmQA1XTwaH/C/MF7g8x3O1QRq+BSiauv7+KDiMdwQ4gZmHxRaIbD HJIiFMCxTUAqM7rvTluhzJPRZfMFVBFcW/czu4cAPwgR9w4P687hn4nqbCmUOP1TQVXy QemMWB3M/uLOxWjUgQS+iD531edWeBCUvUghI= MIME-Version: 1.0 Received: by 10.86.26.11 with SMTP id 11mr5944538fgz.45.1244375367150; Sun, 07 Jun 2009 04:49:27 -0700 (PDT) Date: Sun, 7 Jun 2009 13:49:27 +0200 Message-ID: <34660cca0906070449hdb3b925l2be5cb178ff73517@mail.gmail.com> Subject: State of Kerberos in 1.5.4 From: =?ISO-8859-1?Q?Eirik_Bj=F8rsn=F8s?= To: dev@directory.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi guys, I'm currently looking into creating a JUnit integration test of some Kerberos/SPNego code in SVNSearch[1]. I had great success in the past using ApacheDS for the same purpose when testing LDAP integration. The Kerberos support is giving me some trouble though. The documentation[2] seems to be somewhat lacking and out of sync with 1.5.4. Anyway, what I've done so far is: o Created a unit test that starts ApacheDS with a KdcServer and a KeyDerivationInterceptor, pretty much copying SaslGssapiBindITest.java in 1.5.4 o Added kdcConfig.setIpPort(8888); kdcConfig.start(); (Seems like I need this to make the KDC server start) o Configured my Mac to use localhost:8888 as the KDC for EXAMPLE.COM o Run kinit hnelson@EXAMPLE.COM form the Terminal o Got the error message: "Kerberos Login Failed: Client not found in Kerberos database" o Enabling debug logging in the Kerberos code I noticed that "Client not found in Kerberos database" was actually caused by a NotImplementedException thrown at DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:95) Is the Kerberos server actually not implemented in 1.5.4? Or is there something wrong in the SaslGssapiBindITest setup code? What are my alternatives? Use an earlier version of ApacheDS or wait for the next release? Thanks, Eirik. [1] http://svnsearch.org [2] http://directory.apache.org/apacheds/1.5/54-kerberos-protocol-provider.html