directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [Triplesec] User Authentication problem in Windows XP
Date Mon, 26 Feb 2007 16:14:44 GMT
Arnab,

On 2/26/07, Arnab Hazra <arnab.hazra@mindteck.com> wrote:
>
> Hi,
>
> I am using Triplesec 0.7.1 in an windows XP operating system. JDK 1.4.2and Tomcat
> 4.1.34 is installed in my system. Now I am having some problem in running
> the demo application which I downloaded from the link provided in User's
> Guide/Running Demo Application using Triplesec. It is a web application that
> asks for a username and password to log into the application.
>
> The problems that I am facing are in configuration settings :-
>
> 1> I did not find any krb5.ini or krb5.conf in my system. So, I manually
> created the file and copied it into the directory C:\WINNT.


That's fine.

The file that I  created was obtained by editing a linux version
krb5.conffile which I found in the user guide manual. Many files like
> krb5libs.log, krbkdc.log, kadmind.log, kdc.conf are also missing from my
> system, and I have no idea what it should contain.


No need for the rest of these files.  Just the krb5.ini is sufficient.

So, it would be a great help if you can suggest a proper krb5.ini file for
> an windows XP operating system and along with it the details related to the
> missing files. I am using the following krb5.ini file :
>
> [logging]
> default = C:/log/krb5libs.log
> kdc = C:/log/krb5kdc.log
> admin_server = C:/log/kadmind.log


These are not used.

[libdefaults]
> default_realm = SAFEHAUS.ORG
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> ticket_lifetime = 24h
> forwardable = yes
>
> default_tgs_enctypes = des-cbc-md5
> default_tkt_enctypes = des-cbc-md5
> preferred_enctypes = des-cbc-md5
> permitted_enctypes = des-cbc-md5
>
> [realms]
> SAFEHAUS.ORG = {
>   kdc = localhost:88
>   admin_server = localhost:749
>   default_domain = karasulu.homeip.net
> }
>
> [domain_realm]
> .karasulu.homeip.net = SAFEHAUS.ORG
> karasulu.homeip.net = SAFEHAUS.ORG


Here you're telling the kerberos client to lookup karasulu.homeip.net as the
kdc.  You might want to switch to localhost if your server and client are
both running on the same machine.

[kdc]
> profile = C:/kerberos/krb5kdc/kdc.conf


Also ignored.

[appdefaults]
> pam = {
>    debug = false
>    forwardable = true
>    krb4_convert = false
> }
>
> 2> Secondly, from where should we retrieve the user login id and HausPass
> password.


You can use a login id that is built into the server with an example user
and generate a hauspass (OTP) from the mobile token generator for that
user.

You can download a demo account hauskeys application onto you cell from
visiting wap.safehaus.org using your mobile phone.

HTH,
Alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message