directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexandre Beaupre <beaupr...@hotmail.com>
Subject Kerberos keys generation
Date Sun, 02 Feb 2014 21:16:30 GMT
Hi all,


I have recently downloaded ApacheDS 2.0.0-M15 to test Kerberos authentification and GSS-API.


I have tried following the Kerberos user guide, but I am unable to authenticate myself using
kinit, I get

"krb_error 9 The client or server has a null key (9) - The client or server has a null key”




I exported the corresponding LDAP entry, and I got


dn: uid=hnelson,ou=Users,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5KDCEntry
objectClass: person
objectClass: krb5Principal
objectClass: organizationalPerson
cn: Horatio Nelson
krb5KeyVersionNumber: 0
krb5PrincipalName: hnelson@EXAMPLE.COM
sn: Nelson
uid: hnelson




I’m guessing that my problem is that the krb5keys attributes are missing ?  However the
documentation states that they should be generated automatically…  Is there a configuration
I need to activate ?  


I’m using Apache Directory Studio and I have made sure that the "Enable Kerberos" box was
checked and that all Encryptions Types were checked under the Kerberos Tab.


From older post, I have seen reference to configuring a keyDerivationInterceptor in a server.xml
file, but I’m not sure if this applies to version 2.0.0 of ApacheDS as I cannot find any
server.xml file.


Can anybody give me a pointer as to why my krb5keys attribute are not generated ?


Thank you very much!

Alexandre Beaupré
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message