directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Frain <ivan.fr...@gmail.com>
Subject Re: apacheds 1.5.7 kdc server problem on Mac OS X
Date Thu, 30 Aug 2012 09:56:07 GMT
Thanks for your quick answer !

I switched to ApacheDS 2.0.0.M7
My first try also gave me the same answer on my kinit request.
But I have changed my krb5.conf (see below) to allow weak type
(des-cbc-md5) thus the encryption type is supported now.

And finally I was able to authenticate. Great !

However I have still the problem for strong type like aes256. Do you have
any idea ?
It is not mandatory for me at the moment but it could be great if I
understand what's happening in that case.

Thanks for your support.

BR,
Ivan


---- krb5.conf ----
[libdefaults]
        default_realm = HADOOP.LAN
        allow_weak_crypto = true
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1

[realms]
        HADOOP.LAN = {
                kdc = mac.hadoop.lan:60088
        }

[domain_realm]
        .hadoop.lan = HADOOP.LAN
        hadoop.lan = HADOOP.LAN




2012/8/30 Emmanuel Lécharny <elecharny@gmail.com>

> Le 8/30/12 10:31 AM, Ivan Frain a écrit :
>
>  Hi all,
>>
>> I am having trouble with the configuration of apcheDS kdcServer
>> configuration.
>> I am using apacheDS 1.5.7 from tar.gz archive and running on Mac OS X.
>> My java version "1.7.0_05" 64 bits
>>
>> I have successfully started the server and kdcServer is up and running.
>> I have configured the partition and set up one user. The krb5key was
>> generated since I enable the keyDerivation interceptor.
>>
>> The problem comes when I use kinit:
>>
>> $ kinit ifrain@HADOOP.LAN
>> ifrain@HADOOP.LAN's Password:
>> kinit: krb5_get_init_creds: KDC has no support for encryption type
>>
>>
>> Any help would be much appreciated.
>>
>
> Have you tried with the latest version, 2.0.0-M7 ?
>
> We have fixed *many* issues since 1.5.7, including kerberos bugs...
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>


-- 
Ivan Frain
11, route de Grenade
31530 Saint-Paul-sur-Save
mobile: +33 (0)6 52 52 47 07

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message