directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Generating keytab file for Websphere Kerberos configuration
Date Thu, 24 Jul 2014 00:13:46 GMT
Le 23/07/2014 23:17, Brian Laskey a écrit :
> I would like to try to use an existing Apache DS 1.5.7 server that my team
> had, and add in the built in Kerberos server support (KDC). After following
> a number of tutorials, I think I am somewhat there. I have principals in
> Apache DS under an example.com domain.

I would seriously suggest you switch to a more recent version. 1.5.7 is
more than 4 years old, and a hell lot of work has been injected in the
server, including a complete rewrote of most of the kerberos code...
>
> My goal is to integrate with WebSphere Security Kerberos configuration (WAS
> 8.5.0.1). As part of the information required by WebSphere you must provide:
> - The Kerberos keytab file contains one or more Kerberos service principal
> names and keys. This same file is used for both Kerberos authentication and
> SPNEGO web authentication
>
> This seems to be a command line utility with the MIT krb5 server that would
> do this (ktadd ...). Is there an equivalent approach with Apache DS? I was
> unable to find documentation around this.

We have a class taht does update a Keytab file, it's not documented.
There is a unit test that show how to use it from a piece of Java code :

http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?revision=1589929&view=markup

It probbaly deserves some wrapper around it.


Mime
View raw message