directory-users mailing list archives

From Stefan Seelmann <seelm...@apache.org>
Subject Re: ApacheDS and kerberos problems
Date Fri, 25 Jun 2010 08:47:35 GMT
On Fri, Jun 25, 2010 at 10:37 AM, lkecir <lotfi.kecir@ipcine.com> wrote:
> Thank you.
>
> I made the changes you told me, but it is still not working.
> My kinit doesn't work.
>
> # kinit hnelson@EXAMPLE.COM
> kinit(v5): Client or server has a null key while getting initial
> credentials
>
> tail -f /var/lib/apacheds-1.5.7/default/log/apacheds-rolling.log
>
> [10:15:29] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
> [10:15:29] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
>    dn[n]: uid=hnelson,ou=Users,dc=example,dc=com
>    objectClass: organizationalPerson
>    objectClass: person
>    objectClass: krb5Principal
>    objectClass: inetOrgPerson
>    objectClass: krb5KDCEntry
>    objectClass: top
>    uid: hnelson
>    sn: Nelson
>    krb5PrincipalName: hnelson@EXAMPLE.COM
>    krb5KeyVersionNumber: 0
>    cn: Horatio Nelson
>    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
>  for kerberos principal name hnelson@EXAMPLE.COM

It's pretty clear: the krb5Key attribute wasn't created. It is
important that you activate the "keyDerivationInterceptor" before you
create the principal entries. Please make sure that the interceptor is
activated in server.xml, then delete the entries in ApacheDS and
import them again. Then double check that the krb5Key attribute for
all entries was created.

Kind Regards,
Stefan
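
One way to do the double check described in the reply above, as an added example that is not part of the original message or of ApacheDS: a Python script that reads an LDIF export of the directory and lists every krb5KDCEntry entry that has no krb5Key value. The sample LDIF is constructed, and the function names `parse_ldif` and `principals_missing_key` are hypothetical.

```python
import re

# Constructed sample LDIF, shaped like the entry in the log above: hnelson has no
# krb5Key; the jdoe key is a constructed placeholder, folded to show LDIF line folding.
SAMPLE_LDIF = """\
dn: uid=hnelson,ou=Users,dc=example,dc=com
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: hnelson@EXAMPLE.COM
krb5KeyVersionNumber: 0

dn: uid=jdoe,ou=Users,dc=example,dc=com
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: jdoe@EXAMPLE.COM
krb5Key:: Q09OU1RS
 VUNURUQ=

dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    # LDIF folds long lines (continuation starts with one space); "attr:: v" is
    # base64 and "attr: v" is plain. Values are kept as written, not decoded.
    unfolded = re.sub(r"\r?\n ", "", text)
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name = name.split(";")[0].strip().lower()  # drop options like ;binary
            entry.setdefault(name, []).append(value.lstrip(":").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def principals_missing_key(text):
    """Principal names (or DNs) of krb5KDCEntry entries with no krb5Key value."""
    missing = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "krb5kdcentry" in classes and not any(e.get("krb5key", [])):
            missing.extend(e.get("krb5principalname", e["dn"]))
    return missing
```

Calling `principals_missing_key()` on the LDIF text of a real export returns the principals that still need to be deleted and re-imported with the interceptor active; an empty list means every KDC entry has a key.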
