directory-users mailing list archives

From Brian Laskey <brian.las...@gmail.com>
Subject Re: Generating keytab file for Websphere Kerberos configuration
Date Thu, 24 Jul 2014 15:36:50 GMT
Thank you,

I am trying out ApacheDS 2.0.0-M17 as you suggest. Configuration seems
easier there...

Regarding the unit test. For my own wrapper I will need to write, in what
environment would I execute the class to get the keytab for a user? Do I
just run a main class in my own JVM? Does it need access to something on
the file system, or is there some way that I can deploy and invoke the code
from the ApacheDS server program?

Thanks

On 23/07/2014 23:17, Brian Laskey wrote:
> I would like to try to use an existing Apache DS 1.5.7 server that my team
> had, and add in the built in Kerberos server support (KDC). After following
> a number of tutorials, I think I am somewhat there. I have principals in
> Apache DS under an example.com domain.

I would seriously suggest you switch to a more recent version. 1.5.7 is
more than 4 years old, and a hell of a lot of work has been injected in the
server, including a complete rewrite of most of the Kerberos code...
>
> My goal is to integrate with WebSphere Security Kerberos configuration (WAS
> 8.5.0.1). As part of the information required by WebSphere you must provide:
> - The Kerberos keytab file contains one or more Kerberos service principal
> names and keys. This same file is used for both Kerberos authentication and
> SPNEGO web authentication
>
> This seems to be a command line utility with the MIT krb5 server that would
> do this (ktadd ...). Is there an equivalent approach with Apache DS? I was
> unable to find documentation around this.

We have a class that does update a Keytab file, it's not documented.
There is a unit test that shows how to use it from a piece of Java code:
http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?revision=1589929&view=markup

It probably deserves some wrapper around it.
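
An added example, not part of the original thread and not ApacheDS code: a Python check that lists the principals, key versions and encryption types held in a generated keytab and flags single-DES keys, without ever returning key material. It assumes the MIT keytab file format version 0x0502; the service principal and key bytes are constructed sample data, and `parse_keytab` and `_entry` are names chosen for this example.

```python
import io
import struct

WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}  # single-DES enctypes

def _read(buf, fmt):
    raw = buf.read(struct.calcsize(fmt))
    if len(raw) != struct.calcsize(fmt):
        raise ValueError("truncated keytab entry")
    return struct.unpack(fmt, raw)

def _field(buf):  # counted field: 16-bit big-endian length, then that many bytes
    (n,) = _read(buf, ">H")
    return _read(buf, f">{n}s")[0]

def parse_keytab(data):
    """Return principal, kvno and enctype per entry; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:  # a negative size marks a deleted slot; skip over it
            continue
        buf = io.BytesIO(data[start:pos])
        (count,) = _read(buf, ">H")
        realm = _field(buf).decode()
        name = "/".join(_field(buf).decode() for _ in range(count))
        _ntype, _ts, kvno, enctype = _read(buf, ">IIBH")
        keylen = len(_field(buf))
        tail = buf.read(4)  # optional 32-bit kvno; overrides the 8-bit one if nonzero
        if len(tail) == 4 and any(tail):
            kvno = struct.unpack(">I", tail)[0]
        entries.append({"principal": f"{name}@{realm}", "kvno": kvno,
                        "enctype": enctype, "keylen": keylen, "weak": enctype in WEAK})
    return entries

def _entry(principal, kvno, enctype, key):  # builds the constructed sample only
    name, realm = principal.rsplit("@", 1)
    fields = [p.encode() for p in [realm] + name.split("/")]
    body = struct.pack(">H", len(fields) - 1)
    body += b"".join(struct.pack(">H", len(f)) + f for f in fields)
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: hypothetical service principal, dummy key bytes.
SPN = "HTTP/www.example.com@EXAMPLE.COM"
SAMPLE_KEYTAB = b"\x05\x02" + _entry(SPN, 1, 3, b"\x01" * 8) + _entry(SPN, 1, 18, b"\x02" * 32)
```

To check a real file, pass its bytes to `parse_keytab` and confirm the expected service principal is present and no entry has `weak` set.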
