[jboss-user] [Security] - Re: Problem with Negotiation-toolkit with LDAP
nulltransfer
do-not-reply at jboss.com
Mon Aug 31 11:17:00 EDT 2009
Let's begin by testing your keytab file.
Create a text file in C:\windows\krb5.ini with the following contents:
| [libdefaults]
| default_realm = COMPANY.NL
| dns_lookup_realm = false
| dns_lookup_kdc = false
| default_tkt_enctypes=RC4-HMAC
| default_tgs_enctypes=RC4-HMAC
|
| [realms]
| COMPANY.NL = {
| kdc = 5.21.8.10
| admin_server = 127.0.0.1
| default_domain = COMPANY.NL
| }
|
| [domain_realm]
| .company.nl = COMPANY.NL
| company.nl = COMPANY.NL
|
| [appdefaults]
| autologin = true
| forward = true
| forwardable = true
| encrypt = true
|
Edit the above contents to match your system.
Then open a command prompt and browse to your JAVA_HOME\bin. Run the following command using kinit.exe:
| Kinit <kerberos principal name>
|
e.g. kinit myuser@mycompany.nl
It will then prompt you for a password.
If that works, then test your keytab file by running the below command:
| Kinit -k -t <keytab output path> <kerberos principal name>
|
If your keytab is correct, you should get "new ticket stored in cache".
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4252660#4252660
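A pre-flight check for the krb5.ini shown in the post, as an added example that is not part of the original message: it parses the file, reports realm inconsistencies that keep kinit from finding the KDC, and flags enctype lists that offer only RC4 or 3DES, which RFC 8429 deprecates for Kerberos. The names parse, lint, WEAK and SAMPLE are assumptions of this example, and SAMPLE is a subset of the post's file.

```python
import re

# Enctype names covered by RFC 8429 (deprecation of RC4 and 3DES in Kerberos).
WEAK = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5", "des3-cbc-sha1"}
# Sample input: a subset of the post's krb5.ini, without the "| " prefix.
SAMPLE = """[libdefaults]
default_realm = COMPANY.NL
default_tkt_enctypes=RC4-HMAC
default_tgs_enctypes=RC4-HMAC
[realms]
COMPANY.NL = {
kdc = 5.21.8.10
}
[domain_realm]
.company.nl = COMPANY.NL
"""

def parse(text):
    """Parse krb5.ini text into {section: {key: value-or-nested-dict}}."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, block = conf.setdefault(head.group(1), {}), None
        elif line == "}":                        # end of a realm block
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                     # start of a realm block
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def lint(text):
    """Return a list of problems found in the configuration (empty if none)."""
    conf = parse(text)
    lib, realms, dmap = (conf.get(s, {}) for s in ("libdefaults", "realms", "domain_realm"))
    issues = [f"realm {r} has no kdc" for r, b in realms.items() if "kdc" not in b]
    if lib.get("default_realm") not in realms:   # realm names are case-sensitive
        issues.append("default_realm has no matching [realms] entry")
    issues += [f"{d} maps to undefined realm {r}" for d, r in dmap.items() if r not in realms]
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = lib.get(key, "").replace(",", " ").lower().split()
        if types and set(types) <= WEAK:
            issues.append(f"{key} offers only deprecated enctypes")
    return issues
```

Call lint() on the contents of C:\windows\krb5.ini before running kinit; an empty list means the realm entries are consistent and at least one enctype outside the deprecated set is offered.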