Thank you, I am trying out ApacheDS 2.0.0-M17 as you suggest. Configuration seems easier there...
Regarding the unit test. For my own wrapper I will need to write, in what environment would I execute the class to get the keytab for a user? Do I just run a main class in my own JVM? Does it need access to something on the file system, or is there some way that I can deploy and invoke the code from the ApacheDS server program?

Thanks

On 23/07/2014 23:17, Brian Laskey wrote:
> I would like to try to use an existing Apache DS 1.5.7 server that my team
> had, and add in the built in Kerberos server support (KDC). After following
> a number of tutorials, I think I am somewhat there. I have principals in
> Apache DS under an example.com domain.

I would seriously suggest you switch to a more recent version. 1.5.7 is more than 4 years old, and a hell of a lot of work has been injected in the server, including a complete rewrite of most of the kerberos code...

>
> My goal is to integrate with WebSphere Security Kerberos configuration (WAS
> 8.5.0.1). As part of the information required by WebSphere you must provide:
> - The Kerberos keytab file contains one or more Kerberos service principal
> names and keys. This same file is used for both Kerberos authentication and
> SPNEGO web authentication
>
> This seems to be a command line utility with the MIT krb5 server that would
> do this (ktadd ...). Is there an equivalent approach with Apache DS? I was
> unable to find documentation around this.

We have a class that does update a Keytab file, it's not documented. There is a unit test that shows how to use it from a piece of Java code:

http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?revision=1589929&view=markup

It probably deserves some wrapper around it.
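
Added example, not part of the thread and not ApacheDS code: a minimal reader for the keytab file format (version 0x0502) that lists the principal, key version and encryption type of each entry and flags weak encryption types, so a file produced by a wrapper can be checked before it is handed to WebSphere. The sample bytes, the all-zero key and the principal HTTP/was.example.com@EXAMPLE.COM are constructed for illustration.

```python
import struct

WEAK_ENCTYPES = {1, 2, 3, 23}  # single-DES variants and rc4-hmac

def _read_entry(rec):
    off = 0
    def take(fmt):
        nonlocal off
        vals = struct.unpack_from(fmt, rec, off)
        off += struct.calcsize(fmt)
        return vals
    def counted():  # uint16 length followed by that many bytes
        nonlocal off
        (n,) = take(">H")
        off += n
        return rec[off - n:off]
    (ncomp,) = take(">H")
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    _name_type, _timestamp, kvno = take(">IIB")
    (enctype,) = take(">H")
    key = counted()
    if len(rec) - off >= 4:  # optional 32-bit kvno, used when non-zero
        (kvno32,) = take(">I")
        kvno = kvno32 or kvno
    return {"principal": f"{name}@{realm}", "kvno": kvno, "enctype": enctype,
            "keylen": len(key), "weak": enctype in WEAK_ENCTYPES}

def parse_keytab(data):
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # negative length marks a deleted slot (hole): skip it
            pos += -size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab entry")
        entries.append(_read_entry(data[pos:pos + size]))
        pos += size
    return entries

def build_sample_keytab():  # constructed sample: one hole, one aes256 entry
    cs = lambda b: struct.pack(">H", len(b)) + b
    entry = (struct.pack(">H", 2) + cs(b"EXAMPLE.COM") + cs(b"HTTP")
             + cs(b"was.example.com") + struct.pack(">IIB", 1, 1406150000, 1)
             + struct.pack(">H", 18) + cs(bytes(32)))
    hole = struct.pack(">i", -4) + bytes(4)
    return b"\x05\x02" + hole + struct.pack(">i", len(entry)) + entry
```

For a real file, pass `open(path, "rb").read()` to `parse_keytab`; the key bytes themselves are never printed or returned, only their length.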
