Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)

[Stefan Seelmann <ma...@stefan-seelmann.de>]

On 10/15/2016 03:29 PM, Stefan Seelmann wrote:
> On 10/15/2016 11:14 AM, Ali, Saqib wrote:
>> Hello everyone,
>>
>> Any help with this?
> 
> Not yet.
> 
> I started to build a test environment (I plan Docker containers with a
> KDC) but didn't finish yet. But I'm not able to test against an Active
> Directory because I don't have one available.

I'm done with the tests and I'm happy that it works. I run an ApacheDS
as KDC, do a kinit to get the TGT which is then stored in credentials
cache in /tmp/krb5cc_1000. Then in Studio Kerberos connection properties
I configured "Use native TGT" and "Use native system configuration" and
finally the authentication worked.

While writing the tests I also got your error mesage "Unable to obtain
Principal Name for authentication". This means that Studio/Java cannot
read the credential cache. Please make sure that you run kinit and your
/tmp/krb5cc_uid exists and is readable. Another issue when I got this
error message within the Docker container was that there was no entry in
/etc/passwd for my user and then Java could not resolve user.name to the
uid.

I hope this helps you a bit to get a step further.

Kind Regards,
Stefan