directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Generating keytab file for Websphere Kerberos configuration
Date Thu, 24 Jul 2014 18:32:02 GMT
On Thu, Jul 24, 2014 at 9:06 PM, Brian Laskey <brian.laskey@gmail.com>
wrote:

> Thank you,
>
> I am trying out ApacheDS 2.0.0-M17 as you suggest. Configuration seems
> easier there...
>
> Regarding the unit test. For my own wrapper I will need to write, in what
> environment would I execute the class to get the keytab for a user? Do I
> just run a main class in my own JVM? Does it need access to something on
> the file system, or is there someway that I can deploy and invoke the code
> from the ApacheDS server program?
>
> it doesn't need to read anything from the file system, but you may want to
contact
the server to get access to the kerberos keys of the user account for which
this keytab
is generated

> Thanks
>
> Le 23/07/2014 23:17, Brian Laskey a écrit :
> > I would like to try to use an existing Apache DS 1.5.7 server that my
> team
> > had, and add in the built in Kerberos server support (KDC). After
> following
> > a number of tutorials, I think I am somewhat there. I have principals in
> > Apache DS under an example.com domain.
>
> I would seriously suggest you switch to a more recent version. 1.5.7 is
> more than 4 years old, and a hell lot of work has been injected in the
> server, including a complete rewrote of most of the kerberos code...
> >
> > My goal is to integrate with WebSphere Security Kerberos configuration
> (WAS
> > 8.5.0.1). As part of the information required by WebSphere you must
> provide:
> > - The Kerberos keytab file contains one or more Kerberos service
> principal
> > names and keys. This same file is used for both Kerberos authentication
> and
> > SPNEGO web authentication
> >
> > This seems to be a command line utility with the MIT krb5 server that
> would
> > do this (ktadd ...). Is there an equivalent approach with Apache DS? I
> was
> > unable to find documentation around this.
>
> We have a class taht does update a Keytab file, it's not documented.
> There is a unit test that show how to use it from a piece of Java code :
>
> http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?revision=1589929&view=markup
>
> It probbaly deserves some wrapper around it.
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message