Hi there,
I would like to implement a Kerby-based KDC using LDAP as the authentication
back-end.
I based my code on [1] and [2] and what I have now is a KDC listening on
8888 which can be queried via standard kinit / klist Linux commands.
The server is initialized as shown in [3].
All is fine when I add a principal as follows:
kadmin.addPrincipal(alice, "alice");
File keytabFile = new File(workDir + "/alice.keytab");
kadmin.exportKeytab(keytabFile, alice);
and then authenticate via
kinit alice@AD4EI
and provide "alice" as password.
I also notice that the user
uid=alice,ou=People,o=isp
is created on LDAP, with appropriate object classes but empty password.
When I set a password for that user on LDAP, different from "alice"
above, I cannot get kinit to work.
While looking at LdapIdentityBackend source [4], effectively, I don't
see any code managing user authentication, so maybe I am just doing
something wrong.
Can you provide some insight? Thanks.
Regards.
Side note: why is the Maven artifact ldap-backend depending on Apache
DS? What if one wants to use Kerby with OpenLDAP, for example?
[1] https://github.com/coheigea/testcases/blob/master/apache/bigdata/kerberos/src/test/java/org/apache/coheigea/bigdata/kerberos/storm/StormKerbyTest.java
[2] https://github.com/apache/directory-kerby/blob/trunk/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapBackendKdcTest.java
[3] https://paste.apache.org/ep0B
[4] https://github.com/apache/directory-kerby/blob/trunk/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/