Hi, I was following ApacheDS 2.0 Kerberos User's Guide section 4 instructions to set up Kerberos authentication using ApacheDS provided Kerberos services and to use Apache Directory Studio to bind with Kerberos. With the debugging turned on, it looked like it has successfully got through the Kerberos ticket prodessing and the client sent the BIND_REQUEST to the LDAP service with the ticket obtained from TGS. However during the BIND_REQUEST processing, which I thought that should've succeeded, the following error occurred:
jvm 1 | [15:45:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected excep tion forcing session to close: sending disconnect notice to client. jvm 1 | java.security.PrivilegedActionException: javax.security.sasl.SaslException: Failure to in itialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified))] jvm 1 | at java.security.AccessController.doPrivileged(Native Method) jvm 1 | at javax.security.auth.Subject.doAs(Unknown Source) jvm 1 | at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler.hand leMechanism(GssapiMechanismHandler.java:74) jvm 1 | at org.apache.directory.server.ldap.handlers.request.BindRequestHandler.handleSaslAu th(BindRequestHandler.java:560) I'm wondering why it was looking for Wnidows krb5.ini while I'm using all ApacheDS provided Kerberos services esepcially after it has gone through tickets granting? Was this a bug or I missed anything in configuration? Appreciate any help. Gang
