directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill MacAllister <...@stanford.edu>
Subject GSSAPI Binds to Directory Studio
Date Fri, 17 Dec 2010 23:28:56 GMT
Hello,

I am trying to make a GSSAPI bind to an OpenLDAP directory server
using Directory Studio.  When I setup a connection I specify 'Use
native TGT' and 'Use native system configuration'.  When I try and
attempt I get the failure:

Error while opening connection
  javax.naming.NamingException [Root exception is javax.security.auth.login.LoginException:
Unable to obtain Princpal Name for authentication ]
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1153)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.access$700(JNDIConnectionWrapper.java:106)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$7.run(JNDIConnectionWrapper.java:1041)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doBind(JNDIConnectionWrapper.java:1065)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.bind(JNDIConnectionWrapper.java:254)
	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:114)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
	at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:750)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:646)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:559)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1149)
	... 8 more

  javax.naming.NamingException [Root exception is javax.security.auth.login.LoginException:
Unable to obtain Princpal Name for authentication ]

Looks like Directory Studio is not finding my ticket cache.  I would
expect it to follow the KRB5CCNAME environment variable.  Is there
some other way to point Directory Studio at my ticket cache?

Thanks in advance,

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University


Mime
View raw message