A sample Kerberos project using ApacheDS directory service.
You should have git installed
$ git clone git://github.com/kwart/kerberos-using-apacheds.git
or you can download current sources as a zip file
You need to have Maven installed
$ cd kerberos-using-apacheds
$ mvn clean package
Launch the generated JAR file. You can put LDIF files as the program arguments:
$ java -jar target/kerberos-using-apacheds.jar test.ldif
You can use property ${hostname}
in the LDIF file and it will be replaced by the canonical server host name:
dn: uid=HTTP,ou=Users,dc=jboss,dc=org
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: krb5principal
objectClass: krb5kdcentry
cn: HTTP
sn: Service
uid: HTTP
userPassword: httppwd
krb5PrincipalName: HTTP/${hostname}@JBOSS.ORG
krb5KeyVersionNumber: 0
The server binds to localhost
by default. If you want to change it, set the Java system property kerberos.bind.address
:
$ java -Dkerberos.bind.address=192.168.0.1 -jar target/kerberos-using-apacheds.jar test.ldif
The application generates simple krb5.conf
file when launched in the current directory. If you want to use another file,
specify the kerberos.conf.path
system property:
$ java -Dkerberos.conf.path=/tmp/krb5.conf -jar target/kerberos-using-apacheds.jar test.ldif
Either configure the JBOSS.ORG realm in the /etc/krb5.conf
or define alternative path using KRB5_CONFIG
system variable
$ export KRB5_CONFIG=/tmp/krb5.conf
Authenticate as a sample user from your LDIF file (test.ldif
)
$ kinit hnelson@JBOSS.ORG
Password for hnelson@JBOSS.ORG: secret
Use stop
command line argument:
$ java -jar target/kerberos-using-apacheds.jar stop
The project contains a simple Kerberos keytab generator:
$ java -classpath kerberos-using-apacheds.jar org.jboss.test.kerberos.CreateKeytab
Kerberos keytab generator
-------------------------
Usage:
java -classpath kerberos-using-apacheds.jar org.jboss.test.kerberos.CreateKeytab <principalName> <passPhrase> [<principalName2> <passPhrase2> ...] <outputKeytabFile>
$ java -classpath kerberos-using-apacheds.jar org.jboss.test.kerberos.CreateKeytab HTTP/localhost@JBOSS.ORG httppwd http.keytab
Keytab file was created: /home/kwart/kerberos-tests/http.keytab