qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eugene <eugen.ra...@gmail.com>
Subject Re: qpidd 0.14 + Kerberos + Active Directory on Windows 2003 Server
Date Tue, 31 Jul 2012 09:15:17 GMT
Hello Gordon,

There are more details from me if helpful. Seems like a bug in your
libraries (or a setting is missing) but not sure..

So after I do kinit vmvmrg, and then klist, I get this:


Ticket cache: FILE:/tmp/krb5cc_0
Default principal: vmvmrg@OURDOMAIN.COM

Valid starting     Expires            Service principal
07/31/12 04:58:46  07/31/12 14:58:41  krbtgt/OURDOMAIN.COM@OURDOMAIN.COM
        renew until 08/01/12 04:58:46


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


Then I issue : kvno qpidd/vmvmrg@OURDOMAIN.COM and then klist shows this:


Ticket cache: FILE:/tmp/krb5cc_0
Default principal: vmvmrg@OURDOMAIN.COM

Valid starting     Expires            Service principal
07/31/12 04:58:46  07/31/12 14:58:41  krbtgt/OURDOMAIN.COM@OURDOMAIN.COM
        renew until 08/01/12 04:58:46
07/31/12 05:01:19  07/31/12 14:58:41  qpidd/vmvmrg@OURDOMAIN.COM
        renew until 08/01/12 04:58:46


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


Yup, I have the second ticket now, so it should work.

Start the broker:

qpidd --auth yes --realm OURDOMAIN.COM --log-enable debug+ 

And issue the qpid-perftest:

qpid-perftest --mechanism GSSAPI --broker vmvmrg --count 1 --trace

It throws Authentication Failed, then I check the logs:

info SASL: Starting authentication with mechanism: GSSAPI
2012-07-31 05:06:09 warning Failed to retrieve sasl username
2012-07-31 05:06:09 info SASL: Authentication failed (no username available
yet):SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. 
Minor code may provide more information (No such file or directory)

So I should specify the SASL username? I should send a Ticket, that the
whole point of Kerberos not Username..

Thank You,
Eugene.



--
View this message in context: http://apache-qpid-developers.2158895.n2.nabble.com/qpidd-0-14-Kerberos-Active-Directory-on-Windows-2003-Server-tp7581381p7581478.html
Sent from the Apache Qpid developers mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message