Hi, on OSX I have a problem connecting from the Apache Studio to an OpenLDAP Server using GSSAPI.
First: in principle GSSAPI auth works; I can log into other workstations without password using GSSAPI, I can also authenticate to web-pages (Apache2 Web-Server with auth_kerberos plugin) with no problem. Also: If I start ApacheStudio on one of our Linux work-stations then GSSAPI just works out of the box with no problems. But on OSX I have "multiple" problem A) with settings Kerberos: native TGT Other settings do not matter, this always triggers the error javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication B) get TGT from KDC, SASL only auth, encryption strenngth low, other settings do not matter javax.security.auth.login.LoginException: KDC has no support for encryption type (14) Is there a way to get out of ADS the information which encryption type it has tried? Has maybe someone else on this list experienced similar problems (or a working GSSAPI configuration on OSX) and is willing to share the solution or the configuration? I know that for serious debugging more information is needed than is contained in this email. But before wasting man-hours for debugging the first question is, whether there is an obvious pitfall which can be solved easily, like "Yeah, its clear, on OSX you have to do a-b-c in order to make Java applications work with GSSAPI and Heimdal KDC". Cheers, Claus -- Claus-Justus Heine hims...@claus-justus-heine.de http://www.claus-justus-heine.de/ Schatzmeister der Camerata Academica Freiburg e.V. --- www.cafev.de
