directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yang, Gang CTR (US)" <gang.yang....@mail.mil>
Subject Unexpected error during BIND request processing using Kerberos authn
Date Thu, 21 Feb 2013 15:26:23 GMT
Hi,

I was following ApacheDS 2.0 Kerberos User's Guide section 4 instructions to set up Kerberos
authentication using ApacheDS provided Kerberos services and to use Apache Directory Studio
to bind with Kerberos. With the debugging turned on, it looked like it has successfully got
through the Kerberos ticket prodessing and the client sent the BIND_REQUEST to the LDAP service
with the ticket obtained from TGS. However during the BIND_REQUEST processing, which I thought
that should've succeeded, the following error occurred:


jvm 1 | [15:45:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected
excep
tion forcing session to close: sending disconnect notice to client.
jvm 1 | java.security.PrivilegedActionException: javax.security.sasl.SaslException: Failure
to in
itialize security context [Caused by GSSException: Invalid name provided (Mechanism level:
Could not
load configuration file C:\Windows\krb5.ini (The system cannot find the file specified))]
jvm 1 | at java.security.AccessController.doPrivileged(Native Method)
jvm 1 | at javax.security.auth.Subject.doAs(Unknown Source)
jvm 1 | at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler.hand
leMechanism(GssapiMechanismHandler.java:74)
jvm 1 | at org.apache.directory.server.ldap.handlers.request.BindRequestHandler.handleSaslAu
th(BindRequestHandler.java:560)



I'm wondering why it was looking for Wnidows krb5.ini while I'm using all ApacheDS provided
Kerberos services esepcially after it has gone through tickets granting? Was this a bug or
I missed anything in configuration?



Appreciate any help.

Gang

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message