[ApacheDS] Kerberos Interceptor (was: Re: [ApacheDS] Password not correct for user)

["Martin Schuster (IFKL IT OS DSM CD)" <Ma...@infineon.com>]

Emmanuel Lecharny wrote:
> [...]
> The ldappasswd is using an extended request, described by RFC 3062. I
> _think_ we support this RFC, but it may be buggy (I don't remember last
> time we tested it... was far to away in the past :).
> 
> I suggest you fill a JIRA so that we check and eventually fix a
> potential issue of the next release (1.5.3).
> 
> I gonna check what's going on with this request anyway, but for the
> record, I would really appreciate a JIRA !
> 
Thanks for your reply Emmanuel, I just filed
https://issues.apache.org/jira/browse/DIRSERVER-1143

So, if I can't use ldappasswd, how do I change the password
in such a way that the
org.apache.directory.server.core.kerberos.KeyDerivationService
can do its magic?

If I change it using the attribute-editor in ADStudio, no other attributes get
changed and/or created. Or is there something wrong with my user-entry?

Thanks,
-- 
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517
<Ma...@infineon.com>

Lakeside B05
9020 Klagenfurt, Austria

FB: LG Klagenfurt, FN 246787y

VISIT US AT http://www.infineon.com/austria

Re: [ApacheDS] Kerberos Interceptor

["Martin Schuster (IFKL IT OS DSM CD)" <Ma...@infineon.com>]

Emmanuel Lecharny wrote:
> You may use Apache Directory Studio, but you will have to extend the
> server to deal with Kerberos KeyDerivationService. This is done by
> adding this interceptor to the configuration :
> 
> KeyDerivationInterceptor ( class
> org.apache.directory.server.core.kerberos.KeyDerivationInterceptor )
> 
Already did this:
<bean
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
    <property name="name" value="keyDerivationService" />
    <property name="interceptorClassName"
value="org.apache.directory.server.core.kerberos.KeyDerivationService" />
</bean>

but it doesn't seem to work :(

> This can be done with the Studio too (just open your server.xml file,
> and modify the interceptor list).
> 
Wow. I'm very impressed. I just thought this would result in some nice
XML-editor-view, but that's a server-configuration-GUI. Nice!

> I'm sorry to tell you that you are testing a very alpha part of the
> server... You may feel like a ginea pig here ;) [...]
>
np, but I guess I'll start setting up LDAP+Kerberos with the good old
MIT-combo (openldap and MIT-kerberos) parallel to testing ApacheDS, I need to
have this thing up and running in the next few days :)

But as soon as someone can give me a hint how to get the interceptor
working I'll continue trying, so: Any hints? :))

tia,
-- 
Martin Schuster
Infineon Technologies IT-Services GmbH
Tel: +43 5 1777 3517
<Ma...@infineon.com>

Lakeside B05
9020 Klagenfurt, Austria

FB: LG Klagenfurt, FN 246787y

VISIT US AT http://www.infineon.com/austria

Re: [ApacheDS] Kerberos Interceptor

[Emmanuel Lecharny <el...@gmail.com>]

Martin Schuster (IFKL IT OS DSM CD) wrote:
> Thanks for your reply Emmanuel, I just filed
> https://issues.apache.org/jira/browse/DIRSERVER-1143
>   
Ok, I looked at it. Thank for this repport !
> So, if I can't use ldappasswd, how do I change the password
> in such a way that the
> org.apache.directory.server.core.kerberos.KeyDerivationService
> can do its magic?
>   
You may use Apache Directory Studio, but you will have to extend the 
server to deal with Kerberos KeyDerivationService. This is done by 
adding this interceptor to the configuration :

KeyDerivationInterceptor ( class 
org.apache.directory.server.core.kerberos.KeyDerivationInterceptor )

This can be done with the Studio too (just open your server.xml file, 
and modify the interceptor list).

I'm sorry to tell you that you are testing a very alpha part of the 
server... You may feel like a ginea pig here ;) I'm not also very deeply 
involved in this part of the server, so my answers might be misleaded ...


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org