[kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

[Alex Karasulu <ao...@bellsouth.net>]

Hi Mark,

Please try to maintain nettiquette by using a prefix and a descriptive 
email subject.  That way the proper people can address your concerns 
rapidly.  Also you tacked on your questions to an existing email 
thread.  People may ignore it if its in a thread they are not interested 
in.  Coming out and saying it's regarding the Kerberos server may 
trigger people to respond.

I understand though that your problem was related to configuration.  
Just trying to give pointers on how you can get the best response 
quickest.  Please don't take this personally or as a hazing its just the 
way we do things here - I would recommend this to anyone :-).

Mark Wilcox wrote:

>Is there a Wiki page or URL  (or a simple mail message :)) -- to show
>how to enable the Kerberos service provider? I want to minimic a dual
>KDC setup (this is common in Active Directory implementations in
>higher ed where you have one AD tree for students and another for
>staff). ApacheDS seems to be the simplest approach.
>
>  
>
You can turn it on in 0.9 using Kerberos specific properties using 
EnvKeys.ENABLE_KERBEROS set to true or on.  This will start the embedded 
Kerberos server.  Other properties also exist for configuring the KDC.  
These properties are found in the KdcConfiguration.  Perhaps Enrique has 
a wiki page out there on this stuff where these properties documented.

For now look at KdcConfiguration for 0.9.  It extracts properties from 
the environment given to it in the constructor if you look here:

http://svn.apache.org/viewcvs.cgi/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java?rev=168482&view=markup

The JNDI provider in the main of apacheds gives these properties to the 
KdcConfiguration and uses that to start the KDC's protocol provider and 
register it with MINA.

>But I can't seem to find any docs on how to actually enable the
>Kerberos service provider.
>  
>
Sorry about that.  We should have the docs out there soon. 

>I'm using the .9 release of ApacheDS.
>  
>

Alex

Re: [kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

[Alex Karasulu <ao...@bellsouth.net>]

Mark Wilcox wrote:

>Alex,
>My apologies to f'ing up the subject line :). I'm still getting used
>to Gmail - I swore I updated that subject..
>  
>
No problem at all.  Just want you and others asking the same question to 
be able to get anwers or to dig them up again in an archive. 

Thanks,
Alex

Re: [kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

[Mark Wilcox <ma...@gmail.com>]

Alex,
My apologies to f'ing up the subject line :). I'm still getting used
to Gmail - I swore I updated that subject..

Thanks for the reply.

mark

On 6/20/05, Alex Karasulu <ao...@bellsouth.net> wrote:
> Hi Mark,
> 
> Please try to maintain nettiquette by using a prefix and a descriptive
> email subject.  That way the proper people can address your concerns
> rapidly.  Also you tacked on your questions to an existing email
> thread.  People may ignore it if its in a thread they are not interested
> in.  Coming out and saying it's regarding the Kerberos server may
> trigger people to respond.
> 
> I understand though that your problem was related to configuration.
> Just trying to give pointers on how you can get the best response
> quickest.  Please don't take this personally or as a hazing its just the
> way we do things here - I would recommend this to anyone :-).
> 
> Mark Wilcox wrote:
> 
> >Is there a Wiki page or URL  (or a simple mail message :)) -- to show
> >how to enable the Kerberos service provider? I want to minimic a dual
> >KDC setup (this is common in Active Directory implementations in
> >higher ed where you have one AD tree for students and another for
> >staff). ApacheDS seems to be the simplest approach.
> >
> >
> >
> You can turn it on in 0.9 using Kerberos specific properties using
> EnvKeys.ENABLE_KERBEROS set to true or on.  This will start the embedded
> Kerberos server.  Other properties also exist for configuring the KDC.
> These properties are found in the KdcConfiguration.  Perhaps Enrique has
> a wiki page out there on this stuff where these properties documented.
> 
> For now look at KdcConfiguration for 0.9.  It extracts properties from
> the environment given to it in the constructor if you look here:
> 
> http://svn.apache.org/viewcvs.cgi/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java?rev=168482&view=markup
> 
> The JNDI provider in the main of apacheds gives these properties to the
> KdcConfiguration and uses that to start the KDC's protocol provider and
> register it with MINA.
> 
> >But I can't seem to find any docs on how to actually enable the
> >Kerberos service provider.
> >
> >
> Sorry about that.  We should have the docs out there soon.
> 
> >I'm using the .9 release of ApacheDS.
> >
> >
> 
> Alex
> 
>