mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: 265b26 | patch | commitdiff
Ludovic Poitou
08.27.2011 ad91c08e0c56981b9dbf3459ca23c1cbe349e7c1
refs
author Ludovic Poitou <ludovic.poitou@forgerock.com>
Thursday, December 8, 2011 10:27 +0100
committer Ludovic Poitou <ludovic.poitou@forgerock.com>
Thursday, December 8, 2011 10:27 +0100
commitad91c08e0c56981b9dbf3459ca23c1cbe349e7c1
tree 78d21e1aab0f6b6fdb4dd572b99e5aba0cbd6988 tree | zip | gz
parent 265b26ed8b2d7f2cbed02866acfef911a5068923 view | diff 
Fix for OPENDJ-377 - Kerberos authentication with AD KDC fails with LoginException(Client not found in Kerberos database (6))
Add the isInitiator=false option in the JAAS configuration for Kerb/GSS. When set to false it indicates that we're accepting GSSContexts, not initiating them. On a server, it prevents Kerb from verifying that the server's principal name is actually an account in the KDC (which it isn't since the server's principal name should be a service principal).
1 files modified
2 ■■■ changed files
opendj-sdk/opends/src/server/org/opends/server/extensions/GSSAPISASLMechanismHandler.java 2 ●●● diff | view | raw | blame | history