directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: Generating keytab file for Websphere Kerberos configuration
Date Thu, 24 Jul 2014 00:13:46 GMT
Le 23/07/2014 23:17, Brian Laskey a écrit :
> I would like to try to use an existing Apache DS 1.5.7 server that my team
> had, and add in the built in Kerberos server support (KDC). After following
> a number of tutorials, I think I am somewhat there. I have principals in
> Apache DS under an domain.

I would seriously suggest you switch to a more recent version. 1.5.7 is
more than 4 years old, and a hell lot of work has been injected in the
server, including a complete rewrote of most of the kerberos code...
> My goal is to integrate with WebSphere Security Kerberos configuration (WAS
> As part of the information required by WebSphere you must provide:
> - The Kerberos keytab file contains one or more Kerberos service principal
> names and keys. This same file is used for both Kerberos authentication and
> SPNEGO web authentication
> This seems to be a command line utility with the MIT krb5 server that would
> do this (ktadd ...). Is there an equivalent approach with Apache DS? I was
> unable to find documentation around this.

We have a class taht does update a Keytab file, it's not documented.
There is a unit test that show how to use it from a piece of Java code :

It probbaly deserves some wrapper around it.

View raw message