mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: 7bb61b | patch | commitdiff
Ludovic Poitou
08.27.2011 d99e9b513cbd28252e0baa2767c7b0928485614e
refs
author Ludovic Poitou <ludovic.poitou@forgerock.com>
Thursday, December 8, 2011 10:27 +0100
committer Ludovic Poitou <ludovic.poitou@forgerock.com>
Thursday, December 8, 2011 10:27 +0100
commitd99e9b513cbd28252e0baa2767c7b0928485614e
tree 3d1b52aa95f7d7f96c4257e0d73db6c6a0d265d9 tree | zip | gz
parent 7bb61b9d50e15907a8db0fed3c4b6e37238df6ed view | diff 
Fix for OPENDJ-377 - Kerberos authentication with AD KDC fails with LoginException(Client not found in Kerberos database (6))
Add the isInitiator=false option in the JAAS configuration for Kerb/GSS. When set to false it indicates that we're accepting GSSContexts, not initiating them. On a server, it prevents Kerb from verifying that the server's principal name is actually an account in the KDC (which it isn't since the server's principal name should be a service principal).
1 files modified
2 ■■■ changed files
opends/src/server/org/opends/server/extensions/GSSAPISASLMechanismHandler.java 2 ●●● diff | view | raw | blame | history