directory-users mailing list archives

From Brian Laskey
Subject Re: Generating keytab file for Websphere Kerberos configuration
Date Thu, 24 Jul 2014 15:36:50 GMT
Thank you,

I am trying out ApacheDS 2.0.0-M17 as you suggest. Configuration seems
easier there...

Regarding the unit test. For my own wrapper I will need to write, in what
environment would I execute the class to get the keytab for a user? Do I
just run a main class in my own JVM? Does it need access to something on
the file system, or is there some way that I can deploy and invoke the code
from the ApacheDS server program?


On 23/07/2014 23:17, Brian Laskey wrote:
> I would like to try to use an existing Apache DS 1.5.7 server that my team
> had, and add in the built in Kerberos server support (KDC). After following
> a number of tutorials, I think I am somewhat there. I have principals in
> Apache DS under an domain.

I would seriously suggest you switch to a more recent version. 1.5.7 is
more than 4 years old, and a hell of a lot of work has been injected in the
server, including a complete rewrite of most of the Kerberos code...
> My goal is to integrate with WebSphere Security Kerberos configuration (WAS
> As part of the information required by WebSphere you must provide:
> - The Kerberos keytab file contains one or more Kerberos service principal
> names and keys. This same file is used for both Kerberos authentication and
> SPNEGO web authentication
> This seems to be a command line utility with the MIT krb5 server that would
> do this (ktadd ...). Is there an equivalent approach with Apache DS? I was
> unable to find documentation around this.

We have a class that does update a Keytab file, it's not documented.
There is a unit test that shows how to use it from a piece of Java code:

It probably deserves some wrapper around it.
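
A check to run on a generated keytab before handing it to WebSphere, added here as an example that is not part of the thread or of ApacheDS: it parses the MIT keytab layout and lists each entry's principal, key version and encryption type, flagging DES and RC4 keys. It assumes the file uses format version 0x0502; the principal, realm and all-zero keys in the sample are constructed.

```python
import struct
# Deprecated enctype numbers (single DES and RC4)
WEAK_ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "arcfour-hmac"}

def _counted(buf, pos):  # uint16 length-prefixed string -> (value, new_pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):   # one dict per live entry of a 0x0502 keytab
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:            # negative size marks a deleted slot
            pos -= size
            continue
        end = pos + size
        if end > len(buf):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = _counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, p)
        key, p = _counted(buf, p + 11)
        if end - p >= 4:         # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "etype": etype, "key_len": len(key)})
        pos = end
    return entries

def weak_entries(entries):
    return [e for e in entries if e["etype"] in WEAK_ETYPES]

def sample_entry(principal, realm, kvno, etype, key):  # constructed test data
    parts = principal.split("/")
    body = struct.pack(">H", len(parts))
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in [realm] + parts)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + struct.pack(">H", len(key)) + key
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02"
          + sample_entry("HTTP/was.example.com", "EXAMPLE.COM", 2, 18, bytes(32))
          + sample_entry("HTTP/was.example.com", "EXAMPLE.COM", 2, 23, bytes(16)))
```

For a real file, pass `open(path, "rb").read()` to `parse_keytab` and treat anything returned by `weak_entries` as a key to regenerate with an AES enctype.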
