Thank you very much for the quick response! It turns out that for some reason KDC was not properly started. I have turned it off/on and restarted ApacheDS.
Now I see the ApacheKDC logo on startup and the keys are properly generated. Merci beaucoup! Alexandre Beaupré > Date: Mon, 3 Feb 2014 01:01:15 +0100 > From: [email protected] > To: [email protected] > Subject: Re: Kerberos keys generation > > Hi Alexandre, > > yes, the KeyDerivationInterceptor must be enabled. It should be done > when you activate the kerberos server (and if it's not the case, then > it's a bug). You can activateit by changing the ads-enabled attribute > from FALSE to TRUE in the > ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config > entry and restarting the server. > > > Le 2/2/14 10:16 PM, Alexandre Beaupre a écrit : > > Hi all, > > > > > > I have recently downloaded ApacheDS 2.0.0-M15 to test Kerberos > > authentification and GSS-API. > > > > > > I have tried following the Kerberos user guide, but I am unable to > > authenticate myself using kinit, I get > > > > "krb_error 9 The client or server has a null key (9) - The client or server > > has a null key” > > > > > > > > > > I exported the corresponding LDAP entry, and I got > > > > > > dn: uid=hnelson,ou=Users,dc=example,dc=com > > objectClass: top > > objectClass: inetOrgPerson > > objectClass: krb5KDCEntry > > objectClass: person > > objectClass: krb5Principal > > objectClass: organizationalPerson > > cn: Horatio Nelson > > krb5KeyVersionNumber: 0 > > krb5PrincipalName: [email protected] > > sn: Nelson > > uid: hnelson > > > > > > > > > > I’m guessing that my problem is that the krb5keys attributes are missing ? > > However the documentation states that they should be generated > > automatically… Is there a configuration I need to activate ? > > > > > > I’m using Apache Directory Studio and I have made sure that the "Enable > > Kerberos" box was checked and that all Encryptions Types were checked under > > the Kerberos Tab. > > > > > > From older post, I have seen reference to configuring a > > keyDerivationInterceptor in a server.xml file, but I’m not sure if this > > applies to version 2.0.0 of ApacheDS as I cannot find any server.xml file. > > > > > > Can anybody give me a pointer as to why my krb5keys attribute are not > > generated ? > > > > > > Thank you very much! > > > > Alexandre Beaupré > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
