directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill MacAllister <...@stanford.edu>
Subject Re: GSSAPI Binds to Directory Studio
Date Tue, 11 Jan 2011 00:41:06 GMT


--On Saturday, December 18, 2010 11:18:03 PM -0800 Bill MacAllister <whm@stanford.edu>
wrote:

>
>
> --On Saturday, December 18, 2010 12:05:39 PM +0100 Stefan Seelmann <seelmann@apache.org>
wrote:
>
>> Hi Bill,
>>
>> On Sat, Dec 18, 2010 at 12:28 AM, Bill MacAllister <whm@stanford.edu> wrote:
>>> Looks like Directory Studio is not finding my ticket cache.  I would
>>> expect it to follow the KRB5CCNAME environment variable.  Is there
>>> some other way to point Directory Studio at my ticket cache?
>>
>> Studio uses JNDI which uses JAAS underneath which doesn't look to the
>> KRB5CCNAME environment variable by default, see [1] for details.
>>
>> There are several workarounds, the easiest should be to append the
>> following argument when starting Studio:
>>
>>     -Duser.krb5ccname=$KRB5CCANME
>>
>> You can also create an ".ApacheDirectoryStudio.ini" file in the Studio
>> installation directory (assumed you are using Linux) and put the
>> argument into it, but then you can't use the $KRB5CCANME variable.
>>
>> Hope that helps,
>> Stefan
>>
>>
>> [1] http://bugs.sun.com/view_bug.do?bug_id=6832353
>
> That worked great.  Well, at least I am able to bind to the directory
> now.

Well, it was working great, but now I am getting the error "Unable to
obtain Princpal Name for authentication" whenever I attempt to connect.
(The complete error is at the end of this message.  Here is an example
session:

  % klist
  Ticket cache: FILE:/tmp/krb5cc_1000_As1ndf
  Default principal: whm@stanford.edu

  Valid starting     Expires            Service principal
  01/10/11 16:23:08  01/11/11 17:23:08  krbtgt/stanford.edu@stanford.edu
        renew until 01/17/11 16:23:08
  % echo $KRB5CCNAME
  FILE:/tmp/krb5cc_1000_As1ndf

  % ~/a_bin/ApacheDirectoryStudio/ApacheDirectoryStudio  -Duser.krb5ccname=$KRB5CCNAME
  0    [main] INFO  org.apache.directory.studio.Application  - Entering Apache Directory Studio.
  45163 [main] INFO  org.apache.directory.studio.Application  - Exiting Apache Directory Studio.

This is failing on a ubuntu maverick system and on debian squeeze.
Both have openjdk installed.  I have tried installing sun-java6 with
the same results.

What am I missing?

Bill

--

Bill MacAllister
Infrastructure Delivery Group, Stanford University



Error while opening connection
  javax.naming.NamingException [Root exception is javax.security.auth.login.LoginException:
Unable to obtain Princpal Name for authentication ]
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1153)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.access$700(JNDIConnectionWrapper.java:106)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$7.run(JNDIConnectionWrapper.java:1041)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doBind(JNDIConnectionWrapper.java:1065)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.bind(JNDIConnectionWrapper.java:254)
	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:114)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
	at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:750)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:646)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:559)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1149)
	... 8 more

  javax.naming.NamingException [Root exception is javax.security.auth.login.LoginException:
Unable to obtain Princpal Name for authentication ]


Mime
View raw message