[jboss-user] [Security] - Re: Problem with Negotiation-toolkit with LDAP

nulltransfer do-not-reply at jboss.com
Mon Aug 31 11:17:00 EDT 2009


Let's begin by testing your keytab file.

Create a text file in C:\windows\krb5.ini with the following contents:

  | [libdefaults]
  | default_realm = COMPANY.NL
  | dns_lookup_realm = false
  | dns_lookup_kdc = false
  | default_tkt_enctypes=RC4-HMAC
  | default_tgs_enctypes=RC4-HMAC
  | 
  | [realms]
  | COMPANY.NL = {
  | kdc = 5.21.8.10
  | admin_server = 127.0.0.1
  | default_domain = COMPANY.NL
  | }
  | 
  | [domain_realm]
  | .company.nl = COMPANY.NL
  | company.nl = COMPANY.NL
  | 
  | [appdefaults]
  | autologin = true
  | forward = true
  | forwardable = true
  | encrypt = true
  | 

Edit the above contents to match your system.

Then open a command prompt and browse to your JAVA_HOME\bin.  Run the following command using kinit.exe:


  | kinit <kerberos principal name>
  | 
e.g. kinit myuser@mycompany.nl  It will then prompt you for a password.


If that works, then test your keytab file by running the below command:


  | kinit -k -t <keytab output path> <kerberos principal name>
  | 

If your keytab is correct, you should get "new ticket stored in cache".


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4252660#4252660
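
An offline check that complements the kinit -k test in the post, added here as an example and not part of the original message: it lists each keytab entry's principal, key version and encryption type from the MIT-format (version 0x0502) file layout, without reading the key bytes, so a principal or enctype mismatch with krb5.ini is visible. The sample keytab, the principal HTTP/server.company.nl and the function names are constructed for illustration.

```python
import struct

# Kerberos enctype numbers; 23 is the RC4-HMAC that the krb5.ini in the post requests.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(data, p):
    """Read a uint16 length followed by that many bytes; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab; keys are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative size marks a deleted entry
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _counted(data, p)
            parts.append(part)
        p += 8                            # skip name type and timestamp
        kvno = data[p]
        etype, keylen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + keylen                   # step over the key bytes without reading them
        if end - p >= 4:                  # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return entries

def usable(entries, principal, enctypes):
    """True if the keytab has a key for principal in one of the configured enctypes."""
    return any(p == principal and e in enctypes for p, _, e in entries)

# Constructed one-entry keytab: dummy all-zero key, hypothetical service principal.
SAMPLE = (b"\x05\x02" + b"\x00\x00\x00\x44"                  # version, entry size 68
          + b"\x00\x02" + b"\x00\x0aCOMPANY.NL"               # 2 components, realm
          + b"\x00\x04HTTP" + b"\x00\x11server.company.nl"    # name components
          + b"\x00\x00\x00\x01" + b"\x00\x00\x00\x00" + b"\x03"  # name type, time, kvno
          + b"\x00\x17\x00\x10" + bytes(16))                  # enctype 23, 16-byte key
print(parse_keytab(SAMPLE))
```

If `usable()` is false for the enctypes listed in default_tkt_enctypes, the keytab was generated with a different encryption type or principal name than the one being tested.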
