directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: apacheds 1.5.7 kdc server problem on Mac OS X
Date Thu, 30 Aug 2012 10:03:04 GMT
try after including the unlimited strength policy files [1]

[1] http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

On Thu, Aug 30, 2012 at 3:26 PM, Ivan Frain <ivan.frain@gmail.com> wrote:
> Thanks for your quick answer !
>
> I switched to ApacheDS 2.0.0.M7
> My first try also gave me the same answer on my kinit request.
> But I have changed my krb5.conf (see below) to allow weak type
> (des-cbc-md5) thus the encryption type is supported now.
>
> And finally I was able to authenticate. Great !
>
> However I have still the problem for strong type like aes256. Do you have
> any idea ?
> It is not mandatory for me at the moment but it could be great if I
> understand what's happening in that case.
>
> Thanks for your support.
>
> BR,
> Ivan
>
>
> ---- krb5.conf ----
> [libdefaults]
>         default_realm = HADOOP.LAN
>         allow_weak_crypto = true
>         default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
>         default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
>         permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
>
> [realms]
>         HADOOP.LAN = {
>                 kdc = mac.hadoop.lan:60088
>         }
>
> [domain_realm]
>         .hadoop.lan = HADOOP.LAN
>         hadoop.lan = HADOOP.LAN
>
>
>
>
> 2012/8/30 Emmanuel Lécharny <elecharny@gmail.com>
>
>> Le 8/30/12 10:31 AM, Ivan Frain a écrit :
>>
>>  Hi all,
>>>
>>> I am having trouble with the configuration of apcheDS kdcServer
>>> configuration.
>>> I am using apacheDS 1.5.7 from tar.gz archive and running on Mac OS X.
>>> My java version "1.7.0_05" 64 bits
>>>
>>> I have successfully started the server and kdcServer is up and running.
>>> I have configured the partition and set up one user. The krb5key was
>>> generated since I enable the keyDerivation interceptor.
>>>
>>> The problem comes when I use kinit:
>>>
>>> $ kinit ifrain@HADOOP.LAN
>>> ifrain@HADOOP.LAN's Password:
>>> kinit: krb5_get_init_creds: KDC has no support for encryption type
>>>
>>>
>>> Any help would be much appreciated.
>>>
>>
>> Have you tried with the latest version, 2.0.0-M7 ?
>>
>> We have fixed *many* issues since 1.5.7, including kerberos bugs...
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>
>
>
> --
> Ivan Frain
> 11, route de Grenade
> 31530 Saint-Paul-sur-Save
> mobile: +33 (0)6 52 52 47 07



-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message