directory-users mailing list archives

From Brian Laskey <brian.las...@gmail.com>
Subject Re: [ApacheDS] Generating keytab file for Websphere Kerberos configuration, now with KRB-ERROR in logs
Date Fri, 25 Jul 2014 18:06:55 GMT
I appreciate the help with this. I am new to ApacheDS and Kerberos.

I have now tried that tutorial (of course I hadn't got that far, I was
trying the tutorial before it, 4.1 - Authenticate with kinit on Linux!)

Adding krbtgt/EXAMPLE.COM@EXAMPLE.COM SOLVES the "Server not found in the
Kerberos database while getting initial credentials" error with kinit. So
that's good.

However, now in kinit I get a new error for any principal I try (either
using my generated keytab or by typing in the password).
Verbose output of kinit -V monkey@EXAMPLE.COM
Using default cache: /tmp/krb5cc_13553
Using principal: monkey@EXAMPLE.COM
Password for monkey@EXAMPLE.COM:
kinit: Password incorrect while getting initial credentials

I am trying kinit on a Linux machine.

On a separate Windows 7 machine, I have Apache Directory Studio. Following
the tutorial as best I can (Kerberos settings tab seems subtly different
than the screens I see on Apache Directory Studio 2.0.0.v20130628 / Win7 /
IBM Java 1.7 JRE)

After I set up krbtgt and ldap principals, when I try to connect as one of
my principals using Apache Directory Studio I get this exception:

Error while opening connection
 - java.lang.IllegalArgumentException
org.apache.directory.api.ldap.model.exception.LdapException: java.lang.IllegalArgumentException
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1535)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1421)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:447)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Caused by: java.lang.IllegalArgumentException
    at javax.security.auth.login.AppConfigurationEntry.<init>(AppConfigurationEntry.java:84)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$InnerConfiguration.getAppConfigurationEntry(DirectoryApiConnectionWrapper.java:1222)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:269)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:427)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1520)
    ... 8 more

java.lang.IllegalArgumentException


Seems like no matter which way I go I am finding all the hurdles.

Thank you,
Brian

On Fri, Jul 25, 2014 at 12:12 PM, Emmanuel Lécharny <elecharny@gmail.com>
wrote:

> On 25/07/2014 17:19, Brian Laskey wrote:
> > Actually, I solved the "Additional pre-authentication required" error by
> > opening Configuration on my ApacheDS server with Directory Studio, on the
> > Kerberos Server tab, uncheck Require Pre-Authentication By Encrypted
> > TimeStamp check box under Ticket Settings.
> >
> >
> > Now I receive a different error with kinit using the same keytab and conf
> > file:
> > kinit: Server not found in Kerberos database while getting initial
> > credentials
> >
> >
> > Should I create a principal krbtgt manually?
>
> I think so.
>
> Have you followed the tutorial on
>
> http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
> ?
>
>
