directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexandre Beaupre <>
Subject Kerberos keys generation
Date Sun, 02 Feb 2014 21:16:30 GMT
Hi all,

I have recently downloaded ApacheDS 2.0.0-M15 to test Kerberos authentification and GSS-API.

I have tried following the Kerberos user guide, but I am unable to authenticate myself using
kinit, I get

"krb_error 9 The client or server has a null key (9) - The client or server has a null key”

I exported the corresponding LDAP entry, and I got

dn: uid=hnelson,ou=Users,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5KDCEntry
objectClass: person
objectClass: krb5Principal
objectClass: organizationalPerson
cn: Horatio Nelson
krb5KeyVersionNumber: 0
krb5PrincipalName: hnelson@EXAMPLE.COM
sn: Nelson
uid: hnelson

I’m guessing that my problem is that the krb5keys attributes are missing ?  However the
documentation states that they should be generated automatically…  Is there a configuration
I need to activate ?  

I’m using Apache Directory Studio and I have made sure that the "Enable Kerberos" box was
checked and that all Encryptions Types were checked under the Kerberos Tab.

From older post, I have seen reference to configuring a keyDerivationInterceptor in a server.xml
file, but I’m not sure if this applies to version 2.0.0 of ApacheDS as I cannot find any
server.xml file.

Can anybody give me a pointer as to why my krb5keys attribute are not generated ?

Thank you very much!

Alexandre Beaupré
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message