Hi all,
I have recently downloaded ApacheDS 2.0.0-M15 to test Kerberos authentification and GSS-API. I have tried following the Kerberos user guide, but I am unable to authenticate myself using kinit, I get "krb_error 9 The client or server has a null key (9) - The client or server has a null key” I exported the corresponding LDAP entry, and I got dn: uid=hnelson,ou=Users,dc=example,dc=com objectClass: top objectClass: inetOrgPerson objectClass: krb5KDCEntry objectClass: person objectClass: krb5Principal objectClass: organizationalPerson cn: Horatio Nelson krb5KeyVersionNumber: 0 krb5PrincipalName: [email protected] sn: Nelson uid: hnelson I’m guessing that my problem is that the krb5keys attributes are missing ? However the documentation states that they should be generated automatically… Is there a configuration I need to activate ? I’m using Apache Directory Studio and I have made sure that the "Enable Kerberos" box was checked and that all Encryptions Types were checked under the Kerberos Tab. From older post, I have seen reference to configuring a keyDerivationInterceptor in a server.xml file, but I’m not sure if this applies to version 2.0.0 of ApacheDS as I cannot find any server.xml file. Can anybody give me a pointer as to why my krb5keys attribute are not generated ? Thank you very much! Alexandre Beaupré
