directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karim Hosny <karim.ho...@its.ws>
Subject RE: Adding user to Active Directory with Kerberos binding
Date Thu, 26 Mar 2015 13:40:21 GMT
Got it, thanks Kiran


-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org] 
Sent: Thursday, March 26, 2015 3:36 PM
To: api@directory.apache.org
Subject: Re: Adding user to Active Directory with Kerberos binding

On Thu, Mar 26, 2015 at 9:30 PM, Karim Hosny <karim.hosny@its.ws> wrote:

>
> Let me rephrase my question.
>
> When I use SaslGssApi it means that I use Kerberos for authentication 
> to the LDAP server, now this authentication process doesn't it use a 
> secure connection or is it done in plain text? And if it does use 
> secure connection then I shouldn't call the method startTLS() to 
> create a secure layer right?
>
> it is performed on an insecured connection, and kerberos doesn't need 
> a
secure connection

> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Thursday, March 26, 2015 3:20 PM
> To: api@directory.apache.org
> Subject: Re: Adding user to Active Directory with Kerberos binding
>
> On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <karim.hosny@its.ws> wrote:
>
> >
> >
> > Hi Kiran,
> >
> > I didn't get any errors im just not sure that the proper way to 
> > create a secure connection over kerberos authentication is calling 
> > the method startTLS.
> >
> > I tried to call startTLS after successful kerberos authentication 
> > and it worked fine, but is the proper way? Should SaslGssApi create 
> > the startTLS, I believe kerberos authentication requires creating a 
> > secure communication to transfer the tickets, correct?
> >
> > sorry this is a very vague question, can't explain about how you can 
> > use
> kerberos here,
> you need to do your homework on what you want to achieve and be 
> precise on where you are stuck, then it is easier to help if we can.
>
> > Karim
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Thursday, March 26, 2015 12:40 PM
> > To: api@directory.apache.org
> > Subject: Re: Adding user to Active Directory with Kerberos binding
> >
> > On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <karim.hosny@its.ws> wrote:
> >
> > > Hi,
> > >
> > > So I got the certificates working and apache Directory working 
> > > fine over secure connection using startTLS and im able to add 
> > > users, but I need also to bind using Kerberos and add users but it 
> > > fails when I try it, my guess it requires to call startTLS 
> > > probably, but from what I understood you either connect using 
> > > startTLS or saslGssApi
> correct?
> > >
> > bind using SaslGssApiRequest , let us know what error you got
> >
> > >
> > > How can I bind using kerberos and be able to perform secure 
> > > sensitive operations?
> > >
> > > Thanks,
> > > Karim
> > >
> > >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



--
Kiran Ayyagari
http://keydap.com
Mime
View raw message