I succeed to get the token with the kinit. So my krb5.conf should be good. Whens LSC prompts the username/password, i give it the account/password (same as the token) and everything is fine.
But LSC should not ask the user and use the token. Does someone here managed to use LSC with a Kerberos which is using Keyring and not the local file ? Regards, ____________________________________________________________________ Sébastien Bourles Intégrateur de solution | CSD Capgemini FRANCE | Cesson-Sévigné Tel.: +33 2 99 27 82 23 www.capgemini.com 7 Rue Claude Chappe, Rennes Atalante Champs Blancs _______________________________________________________________________ Connect with Capgemini: Please consider the environment and do not print this email unless absolutely necessary. Capgemini encourages environmental awareness. -----Message d'origine----- De : lsc-users <lsc-users-boun...@lists.lsc-project.org> De la part de Soisik Froger Envoyé : mardi 21 janvier 2020 17:02 À : lsc-users@lists.lsc-project.org Objet : Re: [lsc-users] Kerberos authentification On 21/01/2020 16:03, BOURLES, Sebastien wrote: > Hi, > > In both case i have this result : > > Search Subject for Kerberos V5 INIT cred (<<DEF>>, > sun.security.jgss.krb5.Krb5InitCredential) > No Subject >>>> KinitOptions cache name is KEYRING:persistent:1703201155 > Kerberos username [lsc]: > > Regards Did you do a kinit before calling the LSC command ? What is the principal name of your user, as configured in lsc.xml, does it have the @realm in its name ? Is your /etc/krb5.conf properly set? I search a bit for this kind of issue and could I see lots of people are having similar problem with Kerberos auth in Java. Unfortunately I don't have any environment handy for testing nor a large experience of configuring LSC to use kerberos, but maybe someone else on this list may have some insight. Regards. -- Soisik Froger | Software Architect soisik.fro...@worteks.com Worteks | https://www.worteks.com _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
