Got it, thanks Kiran
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Thursday, March 26, 2015 3:36 PM
To: api@directory.apache.org
Subject: Re: Adding user to Active Directory with Kerberos binding
On Thu, Mar 26, 2015 at 9:30 PM, Karim Hosny <karim.hosny@its.ws> wrote:
>
> Let me rephrase my question.
>
> When I use SaslGssApi it means that I use Kerberos for authentication
> to the LDAP server, now this authentication process doesn't it use a
> secure connection or is it done in plain text? And if it does use
> secure connection then I shouldn't call the method startTLS() to
> create a secure layer right?
>
> it is performed on an insecured connection, and kerberos doesn't need
> a
secure connection
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Thursday, March 26, 2015 3:20 PM
> To: api@directory.apache.org
> Subject: Re: Adding user to Active Directory with Kerberos binding
>
> On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <karim.hosny@its.ws> wrote:
>
> >
> >
> > Hi Kiran,
> >
> > I didn't get any errors im just not sure that the proper way to
> > create a secure connection over kerberos authentication is calling
> > the method startTLS.
> >
> > I tried to call startTLS after successful kerberos authentication
> > and it worked fine, but is the proper way? Should SaslGssApi create
> > the startTLS, I believe kerberos authentication requires creating a
> > secure communication to transfer the tickets, correct?
> >
> > sorry this is a very vague question, can't explain about how you can
> > use
> kerberos here,
> you need to do your homework on what you want to achieve and be
> precise on where you are stuck, then it is easier to help if we can.
>
> > Karim
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Thursday, March 26, 2015 12:40 PM
> > To: api@directory.apache.org
> > Subject: Re: Adding user to Active Directory with Kerberos binding
> >
> > On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <karim.hosny@its.ws> wrote:
> >
> > > Hi,
> > >
> > > So I got the certificates working and apache Directory working
> > > fine over secure connection using startTLS and im able to add
> > > users, but I need also to bind using Kerberos and add users but it
> > > fails when I try it, my guess it requires to call startTLS
> > > probably, but from what I understood you either connect using
> > > startTLS or saslGssApi
> correct?
> > >
> > bind using SaslGssApiRequest , let us know what error you got
> >
> > >
> > > How can I bind using kerberos and be able to perform secure
> > > sensitive operations?
> > >
> > > Thanks,
> > > Karim
> > >
> > >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
|