Hi Folks,
I'm afraid I'm not much good on GSSAPI, but I can tell you that
unless you've messed around a lot with the configuration, JXplorer
will only use it's own keystores for the SSL connection; so all you
have to worry about is what's in the CA certificate keystore and your
private keys keystore.
however GSSAPI is something of a black art as far as I'm
concerned :-).
- Chris
On 12/07/2006, at 12:17 AM, Sergio Gelato wrote:
> * Mike Langhorst [2006-07-11 06:39:42 -0700]:
>> My reply to the list seemed to bounce:
>
> Try removing the spurious -request.
>
>> Well if it's ssl that's failing, do you have a cert database setup
>> to trust
>> the ssl certificate of the server?
>
> I did add my local CA certificate (the one that signed my LDAP server
> cert) to JXplorer's cacerts file. That did not solve the problem.
> I haven't fully researched this yet (it hasn't been a high priority
> for me),
> but I believe some extra Java-side configuration is required to
> make JXplorer
> use SSL with GSSAPI. This must have been discussed on the mailing list
> in the past. In principle it's not too bad since GSSAPI has its own
> way of
> negotiating integrity and (if desired) confidentiality. (Whether
> JXplorer may have implementation flaws in this area is another
> question.)
>
>> Not sure how to accomplish this with JXplorer, but unless you have
>> a cert
>> signed by one of the big players (Verisign, Thawte, etc), apps
>> usually won't
>> trust the server certificate to allow you to create this ssl
>> connection.
>
> Unless JXplorer pays attention to the Java VM's cacerts file (and I
> hope
> it doesn't: it has its own private cacerts file for a reason), even
> the big
> players won't be trusted by default.
>
>> On 7/11/06, Sergio Gelato <[EMAIL PROTECTED]> wrote:
>>>
>>> * Ron Rademaker [2006-07-11 09:45:09 +0200]:
>>>> Thanks, that worked a little bit. But now I get a new error message
>>>> (after typing my kerberos password):
>>>>
>>>> Error opening connection:
>>>> null
>>>>
>>>> java.lang.NullPointerException
>>>> at com.ca.commons.jndi.JNDIOps.setContext(JNDIOps.java:1564)
>>>> at com.ca.commons.jndi.JNDIOps.setupKerberosContext
>>>> (JNDIOps.java:131)
>>>> at com.ca.commons.jndi.JNDIOps.<init>(JNDIOps.java:97)
>>>
>>>> From the line numbers you seem to be using the 3.1 release.
>>> It would appear that
>>> javax.security.auth.Subject.doAs(lc.getSubject(), new JndiAction
>>> (env))
>>> is returning null; the question is why. The JndiAction(env)
>>> constructor
>>> returns whatever javax.naming.directory.InitialDirContext(env)
>>> returns.
>>> In other words, it's the LDAP connection establishment that's
>>> failing.
>>> Did you specify the right hostname and port number for your LDAP
>>> server?
>>>
>>> (I get the exact same error if I specify the wrong port number. Port
>>> 636 counts as "wrong" here for some reason, even though my LDAP
>>> server
>>> is SSL-enabled, but port 389 works for me.)
>>>
>>>
>>> --------------------------------------------------------------------
>>> -----
>>> Using Tomcat but need to do more? Need to support web services,
>>> security?
>>> Get stuff done quickly with pre-integrated technology to make
>>> your job
>>> easier
>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>>> Geronimo
>>> http://sel.as-us.falkag.net/sel?
>>> cmd=lnk&kid=120709&bid=263057&dat=121642
>>> _______________________________________________
>>> Jxplorer-users mailing list
>>> Jxplorer-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/jxplorer-users
>>>
>
>
> ----------------------------------------------------------------------
> ---
> Using Tomcat but need to do more? Need to support web services,
> security?
> Get stuff done quickly with pre-integrated technology to make your
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Geronimo
> http://sel.as-us.falkag.net/sel?
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Jxplorer-users mailing list
> Jxplorer-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jxplorer-users
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Jxplorer-users mailing list
Jxplorer-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-users
