Hi Alexandre, yes, the KeyDerivationInterceptor must be enabled. It should be done when you activate the kerberos server (and if it's not the case, then it's a bug). You can activateit by changing the ads-enabled attribute from FALSE to TRUE in the ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config entry and restarting the server.
Le 2/2/14 10:16 PM, Alexandre Beaupre a écrit : > Hi all, > > > I have recently downloaded ApacheDS 2.0.0-M15 to test Kerberos > authentification and GSS-API. > > > I have tried following the Kerberos user guide, but I am unable to > authenticate myself using kinit, I get > > "krb_error 9 The client or server has a null key (9) - The client or server > has a null key” > > > > > I exported the corresponding LDAP entry, and I got > > > dn: uid=hnelson,ou=Users,dc=example,dc=com > objectClass: top > objectClass: inetOrgPerson > objectClass: krb5KDCEntry > objectClass: person > objectClass: krb5Principal > objectClass: organizationalPerson > cn: Horatio Nelson > krb5KeyVersionNumber: 0 > krb5PrincipalName: hnel...@example.com > sn: Nelson > uid: hnelson > > > > > I’m guessing that my problem is that the krb5keys attributes are missing ? > However the documentation states that they should be generated automatically… > Is there a configuration I need to activate ? > > > I’m using Apache Directory Studio and I have made sure that the "Enable > Kerberos" box was checked and that all Encryptions Types were checked under > the Kerberos Tab. > > > From older post, I have seen reference to configuring a > keyDerivationInterceptor in a server.xml file, but I’m not sure if this > applies to version 2.0.0 of ApacheDS as I cannot find any server.xml file. > > > Can anybody give me a pointer as to why my krb5keys attribute are not > generated ? > > > Thank you very much! > > Alexandre Beaupré -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
