directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSTUDIO-1136) Kerberos Client Authentication fails when SASL Host is not configured
Date Wed, 25 Jan 2017 00:53:27 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15836947#comment-15836947
] 

Emmanuel Lecharny commented on DIRSTUDIO-1136:
----------------------------------------------

{{kinit}} is using the {{/etc/krb5.conf}}, which contains the informations you have to provide
in Studio. 

Configuring Studio to connect with Kerberos is explained in http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html.

> Kerberos Client Authentication fails when SASL Host is not configured
> ---------------------------------------------------------------------
>
>                 Key: DIRSTUDIO-1136
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1136
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M12
>         Environment: * Ubuntu 16.04
> * Oracle JRE with JCE (1.8)
> * ApacheDS back-end (apacheds-2.0.0-M23)
> * Apache Directory Studio Version: 2.0.0.v20161101-M12
>            Reporter: Lamar Hansford
>            Priority: Minor
>
> When SASL Host is not configured under
> * Configuration -> SASL Settings -> SASL Host
> * Configuration -> SASL Settings -> SASL Principal
> kinit will work fine.  However, connection through Apache Studio results in failure caused
by searches performed on these SASL parameters.
> elecharny@gmail.com
> "Studio uses SASL when it tries to bind using the kerberos credentials, this is done
using GSSAPI, and it's plain normal."
> This is confusing behavior since I can get this to working using command line tools.
 It not obvious there is a dependency here.
> Should add a lockout or validation message indicating SASL Server must be configured
prior Kerberos connection
> However, synchronization between server settings and client settings may be problematic.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message