Hi Apache DS Team,

I need help creating Kerberos principals from Java using the Apache DS API. I am using krb5-1.10.1 with OpenLDAP as the backend. I am able to add principals using addprinc and authenticate using kinit from the terminal.

Environment details:
Operating System: Mac OS X - Snow Leopard
Kerberos: MIT, version krb5-1.10.1
Back end for Kerberos: OpenLDAP 2.4.11

Please find attached the krb5.conf used.
[attachment: krb5.conf]
I would like to know the steps/procedure to create Kerberos (MIT) principals from Java using the Apache DS API [so that kinit will authenticate and tickets will be issued]. With the following code I am able to
import java.io.IOException;
import java.nio.ByteBuffer;

import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.ldap.model.entry.Attribute;
import org.apache.directory.shared.ldap.model.entry.DefaultAttribute;
import org.apache.directory.shared.ldap.model.entry.DefaultEntry;
import org.apache.directory.shared.ldap.model.entry.Entry;
import org.apache.directory.shared.ldap.model.exception.LdapException;

public static void createPrincipalWithDSCode() throws LdapException, IOException {
    // Container under which the MIT kdb_ldap realm (cn=EXAMPLE.COM) keeps its principals
    String USERS_DN = "cn=EXAMPLE.COM,cn=Manager,dc=example,dc=com";
    String principalName = "kamal12...@example.com";
    String userPassword = "apple";
    // RDN of the new entry; this is the DN shape shown in the console output below
    String rdn = "krbPrincipalName=" + principalName;
    String loginDN = "cn=Manager,dc=example,dc=com"; // ou=people,dc=example,dc=com
    String loginDNPwd = "apple123$"; // "people"
    LdapConnection connection = null;
    try {
        connection = new LdapNetworkConnection("localhost", 389);
        connection.bind(loginDN, loginDNPwd);

        Entry entry = new DefaultEntry();
        entry.setDn(rdn + "," + USERS_DN);
        entry.add("objectClass", "krbPrincipal", "krbPrincipalAux", "krbTicketPolicyAux");
        entry.add("krbPrincipalName", principalName);
        entry.add("krbLoginFailedCount", "0");
        entry.add("krbTicketFlags", "0");

        // Derive a DES key from the password. des-cbc-md5 is a weak, legacy etype;
        // it is only used here because it is what the test KDC offers.
        KerberosPrincipal principal = new KerberosPrincipal(principalName);
        KerberosKey kerberosKey = new KerberosKey(principal, userPassword.toCharArray(), "DES");
        EncryptionKey encryptionKey = new EncryptionKey(EncryptionType.DES_CBC_MD5,
                kerberosKey.getEncoded(), kerberosKey.getVersionNumber());

        // Store the key as a DER-encoded RFC 4120 EncryptionKey in krbPrincipalKey
        Attribute keyAttribute = new DefaultAttribute("krbPrincipalKey");
        ByteBuffer buffer = ByteBuffer.allocate(encryptionKey.computeLength());
        encryptionKey.encode(buffer);
        keyAttribute.add(new byte[][] { buffer.array() });
        // entry.put(new Attribute[] { getKeyAttribute(addContext.getSession().getDirectoryService().getSchemaManager(), keys) });
        entry.put(new Attribute[] { keyAttribute });
        System.out.println("keyAttribute" + keyAttribute);
        // entry.add(keyAttribute);
        System.out.println("entry" + entry);

        connection.add(entry);
        System.out.println("Entry has been created");
        System.out.println(connection);
        connection.unBind();
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (connection != null) { // avoid an NPE when the connection was never opened
            connection.close();
        }
    }
}

Java console:

keyAttribute krbPrincipalKey: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xD3 0x45 0x25 0x46 0xA4 ...'
entryEntry dn: krbPrincipalName=kamal12...@example.com,cn=EXAMPLE.COM,cn=Manager,dc=example,dc=com
    objectClass: krbPrincipal
    objectClass: krbPrincipalAux
    objectClass: krbTicketPolicyAux
    krbPrincipalKey: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xD3 0x45 0x25 0x46 0xA4 ...'
    krbTicketFlags: 0
    krbLoginFailedCount: 0
    krbPrincipalName: kamal12...@example.com
Entry has been created
org.apache.directory.ldap.client.api.LdapNetworkConnection@526d0040

And when I kinit from the terminal as the principal created above, I get the error below:

AS_REQ (7 etypes {18 17 16 23 1 3 2}) ::1: LOOKING_UP_CLIENT: kamal1...@example.com for krbtgt/example....@example.com, unable to decode stored principal key data (ASN.1 identifier doesn't match expected value)

Thanks
Kamalakar
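Added example, not code from the post above nor from Apache DS or MIT krb5: a small Python DER reader that decodes a krbPrincipalKey value first as the RFC 4120 EncryptionKey that Apache DS's EncryptionKey.encode() emits (SEQUENCE { keytype [0] INTEGER, keyvalue [1] OCTET STRING }), and then as the header of the KrbKeySet structure that MIT's kdb_ldap backend stores in that attribute (attribute-major-vno [0] UInt16, attribute-minor-vno [1] UInt16, kvno [2] UInt32, mkvno [3] UInt32 OPTIONAL, keys [4] SEQUENCE OF KrbKey, as given in MIT krb5's ASN.1 module). The two layouts both begin with [0] INTEGER, so the KDC's decoder accepts the first field and then finds [1] OCTET STRING where it wants [1] INTEGER, which is the ASN1_BAD_ID condition ("ASN.1 identifier doesn't match expected value") in the KDC log. Both sample byte strings are constructed for this example (the first has the same shape as the value in the console output but not its bytes), and all function names are this example's own.

```python
"""Decode a krbPrincipalKey value two ways to see where MIT's kdb_ldap decoder stops.

Added example; not code from the mailing-list post, Apache DS, or MIT krb5.
"""
from dataclasses import dataclass

INTEGER, OCTET_STRING, SEQUENCE = 0x02, 0x04, 0x30

# Constructed sample: an RFC 4120 EncryptionKey with etype 3 (des-cbc-md5) and a
# made-up 8-byte key. Same shape as the value in the post, not its bytes.
APACHEDS_STYLE_VALUE = bytes.fromhex(
    "3011"                           # SEQUENCE, 17 bytes
    "a003" "020103"                  # [0] INTEGER 3        -> keytype
    "a10a" "0408" "0011223344556677"  # [1] OCTET STRING     -> keyvalue
)

# Constructed sample of the KrbKeySet envelope MIT's kdb_ldap plugin writes:
# major 1, minor 1, kvno 1, optional mkvno omitted, empty [4] keys list. A real
# value carries KrbKey entries whose key material is encrypted under the KDC
# master key; the envelope alone is enough to contrast the tags.
MIT_STYLE_VALUE = bytes.fromhex(
    "3013"
    "a003" "020101"   # [0] attribute-major-vno
    "a103" "020101"   # [1] attribute-minor-vno
    "a203" "020101"   # [2] kvno
    "a402" "3000"     # [4] keys: SEQUENCE OF KrbKey (empty here)
)


@dataclass
class Tlv:
    tag: int      # full identifier octet: class bits, constructed bit, tag number
    value: bytes


def read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; returns (Tlv, next_pos). Handles short- and long-form
    definite lengths and low tag numbers, which is all Kerberos encodings use."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not supported")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return Tlv(tag, buf[pos:pos + length]), pos + length


def read_sequence(buf: bytes):
    """Return the TLVs inside a single top-level SEQUENCE."""
    outer, end = read_tlv(buf, 0)
    if outer.tag != SEQUENCE or end != len(buf):
        raise ValueError("not a single DER SEQUENCE")
    items, pos = [], 0
    while pos < len(outer.value):
        tlv, pos = read_tlv(outer.value, pos)
        items.append(tlv)
    return items


def ctx(n: int) -> int:
    """Context-specific constructed tag [n], as used for every Kerberos field."""
    return 0xA0 | n


def expect(tlv: Tlv, tag: int, what: str) -> Tlv:
    """Fail with MIT's ASN1_BAD_ID wording when the identifier octet is not the expected one."""
    if tlv.tag != tag:
        raise ValueError("ASN.1 identifier doesn't match expected value: "
                         f"{what}: got 0x{tlv.tag:02x}, expected 0x{tag:02x}")
    return tlv


def decode_rfc4120_encryption_key(buf: bytes):
    """EncryptionKey ::= SEQUENCE { keytype [0] Int32, keyvalue [1] OCTET STRING }"""
    items = read_sequence(buf)
    if len(items) != 2:
        raise ValueError(f"EncryptionKey has 2 fields, found {len(items)}")
    kt_inner, _ = read_tlv(expect(items[0], ctx(0), "keytype").value, 0)
    kv_inner, _ = read_tlv(expect(items[1], ctx(1), "keyvalue").value, 0)
    expect(kt_inner, INTEGER, "keytype INTEGER")
    expect(kv_inner, OCTET_STRING, "keyvalue OCTET STRING")
    return int.from_bytes(kt_inner.value, "big", signed=True), kv_inner.value


def decode_mit_krb_key_set_header(buf: bytes):
    """Decode the three mandatory leading fields of MIT's KrbKeySet:
    attribute-major-vno [0], attribute-minor-vno [1], kvno [2] (all INTEGER).
    The [4] keys list is not parsed. Returns (major, minor, kvno)."""
    items = read_sequence(buf)
    out = []
    for i, name in enumerate(["attribute-major-vno", "attribute-minor-vno", "kvno"]):
        if i >= len(items):
            raise ValueError(f"KrbKeySet is missing {name}")
        field = expect(items[i], ctx(i), name)
        inner, _ = read_tlv(field.value, 0)
        expect(inner, INTEGER, f"{name} INTEGER")
        out.append(int.from_bytes(inner.value, "big"))
    return tuple(out)


def mit_decode_error(buf: bytes):
    """None if buf passes the KrbKeySet header check, otherwise the error text."""
    try:
        decode_mit_krb_key_set_header(buf)
        return None
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    print("as RFC 4120 EncryptionKey:", decode_rfc4120_encryption_key(APACHEDS_STYLE_VALUE))
    print("as MIT KrbKeySet        :", mit_decode_error(APACHEDS_STYLE_VALUE))
    print("MIT-shaped sample header:", decode_mit_krb_key_set_header(MIT_STYLE_VALUE))
```

Running it on the Apache DS-shaped value gives etype 3 and the 8-byte key under the RFC 4120 reading, and an "attribute-minor-vno INTEGER: got 0x04" mismatch under the MIT reading; the MIT-shaped sample decodes to (1, 1, 1). Fixing the envelope alone would not be enough: in MIT's backends the key material inside each KrbKey is encrypted under the KDC master key (that is what the mkvno field refers to), so a writer that only knows the password cannot produce a krbPrincipalKey the KDC will accept. Creating the principal through kadmin (addprinc) or the kadmin protocol lets the KDC derive and wrap the key itself.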