You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by "Martin Schuster (IFKL IT OS DSM CD)" <Ma...@infineon.com> on 2008/03/05 14:54:03 UTC
[ApacheDS] Kerberos Interceptor (was: Re: [ApacheDS] Password not
correct for user)
Emmanuel Lecharny wrote:
> [...]
> The ldappasswd is using an extended request, described by RFC 3062. I
> _think_ we support this RFC, but it may be buggy (I don't remember last
> time we tested it... was far to away in the past :).
>
> I suggest you fill a JIRA so that we check and eventually fix a
> potential issue of the next release (1.5.3).
>
> I gonna check what's going on with this request anyway, but for the
> record, I would really appreciate a JIRA !
>
Thanks for your reply Emmanuel, I just filed
https://issues.apache.org/jira/browse/DIRSERVER-1143
So, if I can't use ldappasswd, how do I change the password
in such a way that the
org.apache.directory.server.core.kerberos.KeyDerivationService
can do its magic?
If I change it using the attribute-editor in ADStudio, no other attributes get
changed and/or created. Or is there something wrong with my user-entry?
Thanks,
--
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517
<Ma...@infineon.com>
Lakeside B05
9020 Klagenfurt, Austria
FB: LG Klagenfurt, FN 246787y
VISIT US AT http://www.infineon.com/austria
Re: [ApacheDS] Kerberos Interceptor
Posted by "Martin Schuster (IFKL IT OS DSM CD)" <Ma...@infineon.com>.
Emmanuel Lecharny wrote:
> You may use Apache Directory Studio, but you will have to extend the
> server to deal with Kerberos KeyDerivationService. This is done by
> adding this interceptor to the configuration :
>
> KeyDerivationInterceptor ( class
> org.apache.directory.server.core.kerberos.KeyDerivationInterceptor )
>
Already did this:
<bean
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
<property name="name" value="keyDerivationService" />
<property name="interceptorClassName"
value="org.apache.directory.server.core.kerberos.KeyDerivationService" />
</bean>
but it doesn't seem to work :(
> This can be done with the Studio too (just open your server.xml file,
> and modify the interceptor list).
>
Wow. I'm very impressed. I just thought this would result in some nice
XML-editor-view, but that's a server-configuration-GUI. Nice!
> I'm sorry to tell you that you are testing a very alpha part of the
> server... You may feel like a ginea pig here ;) [...]
>
np, but I guess I'll start setting up LDAP+Kerberos with the good old
MIT-combo (openldap and MIT-kerberos) parallel to testing ApacheDS, I need to
have this thing up and running in the next few days :)
But as soon as someone can give me a hint how to get the interceptor
working I'll continue trying, so: Any hints? :))
tia,
--
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517
<Ma...@infineon.com>
Lakeside B05
9020 Klagenfurt, Austria
FB: LG Klagenfurt, FN 246787y
VISIT US AT http://www.infineon.com/austria
Re: [ApacheDS] Kerberos Interceptor
Posted by Emmanuel Lecharny <el...@gmail.com>.
Martin Schuster (IFKL IT OS DSM CD) wrote:
> Thanks for your reply Emmanuel, I just filed
> https://issues.apache.org/jira/browse/DIRSERVER-1143
>
Ok, I looked at it. Thank for this repport !
> So, if I can't use ldappasswd, how do I change the password
> in such a way that the
> org.apache.directory.server.core.kerberos.KeyDerivationService
> can do its magic?
>
You may use Apache Directory Studio, but you will have to extend the
server to deal with Kerberos KeyDerivationService. This is done by
adding this interceptor to the configuration :
KeyDerivationInterceptor ( class
org.apache.directory.server.core.kerberos.KeyDerivationInterceptor )
This can be done with the Studio too (just open your server.xml file,
and modify the interceptor list).
I'm sorry to tell you that you are testing a very alpha part of the
server... You may feel like a ginea pig here ;) I'm not also very deeply
involved in this part of the server, so my answers might be misleaded ...
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org