On Fri, Jun 25, 2010 at 10:37 AM, lkecir <[email protected]> wrote:
> thank you.
>
> I made the changes you told me but still not working.
> my kinit doesn't work
>
> # kinit [email protected]
> kinit(v5): Client or server has a null key while getting initial credentials
>
> tail -f /var/lib/apacheds-1.5.7/default/log/apacheds-rolling.log
>
> [10:15:29] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
> [10:15:29] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
>     dn[n]: uid=hnelson,ou=Users,dc=example,dc=com
>     objectClass: organizationalPerson
>     objectClass: person
>     objectClass: krb5Principal
>     objectClass: inetOrgPerson
>     objectClass: krb5KDCEntry
>     objectClass: top
>     uid: hnelson
>     sn: Nelson
>     krb5PrincipalName: [email protected]
>     krb5KeyVersionNumber: 0
>     cn: Horatio Nelson
>     userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
> for kerberos principal name [email protected]

It's pretty clear: the krb5Key attribute wasn't created. It is important that you activate the "keyDerivationInterceptor" before you create the principal entries.

Please make sure that the interceptor is activated in server.xml, then delete the entries in ApacheDS and import them again. Then double check that the krb5Key attribute for all entries was created.

Kind Regards,
Stefan
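
One way to do the final "double check" offline, as an added example that is not part of the original message or of ApacheDS: export the principal entries to LDIF with any LDAP client and list every Kerberos entry that has no krb5Key value. The realm EXAMPLE.TEST, the svc1 entry and the key bytes are constructed placeholders; the function names are hypothetical.

```python
import base64

# Constructed sample export: hnelson has no krb5Key (as in the quoted log),
# svc1 shows an entry whose key was derived on import.
SAMPLE_LDIF = """\
dn: uid=hnelson,ou=Users,dc=example,dc=com
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: hnelson@EXAMPLE.TEST
krb5KeyVersionNumber: 0

dn: uid=svc1,ou=Users,dc=example,dc=com
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: svc1@EXAMPLE.TEST
krb5Key:: Y29uc3RydWN0ZWQta2V5
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    entries, current, logical = [], {}, []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line (LDIF folding).
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    for line in logical + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64>" carries binary data
                value = base64.b64decode(value[1:].strip())
            else:
                value = value.strip()
            current.setdefault(name.lower(), []).append(value)
    return entries

def principals_missing_key(entries):
    """DNs of Kerberos principal entries that carry no krb5Key value."""
    def is_principal(e):
        classes = {str(c).lower() for c in e.get("objectclass", [])}
        return "krb5kdcentry" in classes or "krb5principalname" in e
    return [e["dn"][0] for e in entries if is_principal(e) and not e.get("krb5key")]

if __name__ == "__main__":
    for dn in principals_missing_key(parse_ldif(SAMPLE_LDIF)):
        print("no krb5Key:", dn)
```

An empty result after the re-import means every principal entry received a key; any DN still listed was created while the interceptor was inactive.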
