Thank you for your reply.
keyDerivationInterceptor was enabled as expected in the guide.
So I deleted all entries created by the LDIF file (kdc-data.ldif)
and re-imported them.
I saw the krb5entries for the hnelson entry.
kinit worked:
# kinit [email protected]
Password for [email protected]:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
06/25/10 10:58:00 06/26/10 10:57:56 krbtgt/[email protected]
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
I tried to authenticate the same user using Apache Directory Studio and I
got GSSAPI errors:
L'authentification a échouée ("authentication failed" in English)
- GSSAPI
javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.reconnect(Unknown Source)
at javax.naming.ldap.InitialLdapContext.reconnect(Unknown Source)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$8.run(JNDIConnectionWrapper.java:1165)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1159)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.access$700(JNDIConnectionWrapper.java:106)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$7.run(JNDIConnectionWrapper.java:1041)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doBind(JNDIConnectionWrapper.java:1065)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.bind(JNDIConnectionWrapper.java:254)
at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:80)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:113)
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
... 19 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
... 20 more
Caused by: KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
... 23 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
... 28 more
GSSAPI
My connection settings are:
For the first screen:
as I work on a distant workstation,
I put in the network parameters:
hostname 10.0.10.22 (IP address of my ApacheDS)
port 10389
On the second screen I chose the same parameters given in the guide, except for
KDC Host: I put the IP address of my ApacheDS.
When I test the authentication I get the above error message.
So I also tried to run this command on the server:
ldapsearch -b "dc=example,dc=com" "(uid=hnelson)" -Y GSSAPI
I got this output:
# ldapsearch -b "dc=example,dc=com" "(uid=hnelson)" -Y GSSAPI
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
What can be the problem?
Thank you again.