From dev-return-42499-apmail-directory-dev-archive=directory.apache.org@directory.apache.org Thu Feb 21 15:26:57 2013 Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BAE6EE1E6 for ; Thu, 21 Feb 2013 15:26:57 +0000 (UTC) Received: (qmail 85199 invoked by uid 500); 21 Feb 2013 15:26:57 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 85010 invoked by uid 500); 21 Feb 2013 15:26:57 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 84987 invoked by uid 99); 21 Feb 2013 15:26:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 15:26:56 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [131.64.100.6] (HELO edge-cols.mail.mil) (131.64.100.6) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 15:26:46 +0000 Received: from UCOLHP3H.easf.csd.disa.mil (131.64.100.149) by UCOLHP4Z.easf.csd.disa.mil (131.64.100.6) with Microsoft SMTP Server (TLS) id 14.2.309.2; Thu, 21 Feb 2013 15:26:24 +0000 Received: from UCOLHP9M.easf.csd.disa.mil ([169.254.1.227]) by UCOLHP3H.easf.csd.disa.mil ([131.64.100.149]) with mapi id 14.02.0309.003; Thu, 21 Feb 2013 15:26:24 +0000 From: "Yang, Gang CTR (US)" To: "users@directory.apache.org" , "dev@directory.apache.org" Subject: Unexpected error during BIND request processing using Kerberos authn Thread-Topic: Unexpected error during BIND request processing using Kerberos authn Thread-Index: Ac4QR9EE48hSTXUMTrOFH3HEs0CgtA== Content-Class: urn:content-classes:message Date: Thu, 21 Feb 2013 15:26:23 +0000 Message-ID: <82AE9B2456FC17429CDD874AE33B89603063C19F@ucolhp9m.easf.csd.disa.mil> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [131.64.100.75] Content-Type: multipart/alternative; boundary="_000_82AE9B2456FC17429CDD874AE33B89603063C19Fucolhp9measfcsd_" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org --_000_82AE9B2456FC17429CDD874AE33B89603063C19Fucolhp9measfcsd_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I was following ApacheDS 2.0 Kerberos User's Guide section 4 instructions t= o set up Kerberos authentication using ApacheDS provided Kerberos services = and to use Apache Directory Studio to bind with Kerberos. With the debuggin= g turned on, it looked like it has successfully got through the Kerberos ti= cket prodessing and the client sent the BIND_REQUEST to the LDAP service wi= th the ticket obtained from TGS. However during the BIND_REQUEST processing= , which I thought that should've succeeded, the following error occurred: jvm 1 | [15:45:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandl= er] - Unexpected excep tion forcing session to close: sending disconnect notice to client. jvm 1 | java.security.PrivilegedActionException: javax.security.sasl.SaslEx= ception: Failure to in itialize security context [Caused by GSSException: Invalid name provided (M= echanism level: Could not load configuration file C:\Windows\krb5.ini (The system cannot find the fil= e specified))] jvm 1 | at java.security.AccessController.doPrivileged(Native Method) jvm 1 | at javax.security.auth.Subject.doAs(Unknown Source) jvm 1 | at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMech= anismHandler.hand leMechanism(GssapiMechanismHandler.java:74) jvm 1 | at org.apache.directory.server.ldap.handlers.request.BindRequestHan= dler.handleSaslAu th(BindRequestHandler.java:560) I'm wondering why it was looking for Wnidows krb5.ini while I'm using all A= pacheDS provided Kerberos services esepcially after it has gone through tic= kets granting? Was this a bug or I missed anything in configuration? Appreciate any help. Gang --_000_82AE9B2456FC17429CDD874AE33B89603063C19Fucolhp9measfcsd_ Content-Type: text/html; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable

Hi,

I was following ApacheDS 2.0 Kerberos User's Guide section 4 instruction= s to set up Kerberos authentication using ApacheDS provided Kerberos servic= es and to use Apache Directory Studio to bind with Kerberos. With the debug= ging turned on, it looked like it has successfully got through the Kerberos ticket prodessing and the client= sent the BIND_REQUEST to the LDAP service with the ticket obtained from TG= S. However during the BIND_REQUEST processing, which I thought that should'= ve succeeded, the following error occurred:


jvm 1 | [15:45:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandl= er] - Unexpected excep
tion forcing session to close: sending disconnect notice to client.
jvm 1 | java.security.PrivilegedActionException: javax.security.sasl.SaslEx= ception: Failure to in
itialize security context [Caused by GSSException: Invalid name provided (M= echanism level: Could not
load configuration file C:\Windows\krb5.ini (The system cannot find the fil= e specified))]
jvm 1 | at java.security.AccessController.doPrivileged(Native Method)
jvm 1 | at javax.security.auth.Subject.doAs(Unknown Source)
jvm 1 | at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMech= anismHandler.hand
leMechanism(GssapiMechanismHandler.java:74)
jvm 1 | at org.apache.directory.server.ldap.handlers.request.BindRequestHan= dler.handleSaslAu
th(BindRequestHandler.java:560)



I'm wondering why it was looking for Wnidows krb5.ini while I'm using = all ApacheDS provided Kerberos services esepcially after it has gone throug= h tickets granting? Was this a bug or I missed anything in configuration?


Appreciate any help.

Gang

--_000_82AE9B2456FC17429CDD874AE33B89603063C19Fucolhp9measfcsd_--