
I want to access an LDAP directory in Java using a keytab. However, my keytab appears as null.

Password access works with this code after the LoginContext has been created (I get my tickets in Kerberos):

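```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
env.put(Context.PROVIDER_URL, "ldap://localhost/");
final DirContext ctx = new InitialDirContext(env);
Attributes attributes = ctx.getAttributes("cn=user1,ou=people,dc=example,dc=com");
```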

I use the following code to try to access the directory via the keytab file, but it always asks me to enter a password:

```
JaasClient {
  com.sun.security.auth.module.Krb5LoginModule required
    client=true
    useKeyTab=true
    keytab="/etc/security/keytabs/users3.keytab"
    debug=true
    storeKey=true
    principal="users3@EXAMPLE.COM";
};
```

```java
DirContextSource.Builder builder = new DirContextSource.Builder("ldap://localhost");
builder.gssApiAuth("JaasClient");
DirContextSource contextSource = builder.build();
DirContext ctx = contextSource.getDirContext();
Attributes attributes = ctx.getAttributes("cn=user1,ou=people,dc=example,dc=com");
```

Error:

```
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is null
Key for the principal users3@REALM not available in default key tab
```

Can someone tell me what I am doing wrong?

  • Test the keytab is correct with [`kinit`](https://stackoverflow.com/q/25240416/2970947) before assuming everything is correct. – Elliott Frisch Jun 07 '23 at 17:59
  • You haven't shared any usable information, but the output from the Krb5LoginModule only. BTW, thanks for trying out my library. – Michael-O Jul 11 '23 at 19:43
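
The debug line above reports `useKeyTab true` together with `KeyTab is null`, which is what `Krb5LoginModule` prints when no `keyTab` option reached it; the module matches option names case-sensitively, so `keytab` is not read as `keyTab`. The following is an added example, not code from the question or from the library used there: a small checker that flags option names in a JAAS entry that are not among the module's documented options (the class name `JaasOptionCheck` and the embedded sample entry are constructed for illustration).

```java
import java.util.*;
import java.util.regex.*;

/** Added example: flags option names that Krb5LoginModule will not recognise. */
public class JaasOptionCheck {
    // Options documented for com.sun.security.auth.module.Krb5LoginModule (case-sensitive).
    static final Set<String> KNOWN = Set.of(
        "refreshKrb5Config", "useTicketCache", "ticketCache", "renewTGT",
        "doNotPrompt", "useKeyTab", "keyTab", "storeKey", "principal",
        "isInitiator", "debug", "useFirstPass", "tryFirstPass", "storePass", "clearPass");

    // Matches name=value pairs; the value is a quoted string or a bare token.
    static final Pattern OPTION = Pattern.compile("(\\w+)\\s*=\\s*(\"[^\"]*\"|[^\\s;]+)");

    /** Returns one finding per option name that is not an exact match for a known option. */
    static List<String> check(String jaasEntry) {
        List<String> findings = new ArrayList<>();
        Matcher m = OPTION.matcher(jaasEntry);
        while (m.find()) {
            String name = m.group(1);
            if (KNOWN.contains(name)) continue;
            // A case-insensitive hit means only the casing of the name is wrong.
            Optional<String> near = KNOWN.stream().filter(k -> k.equalsIgnoreCase(name)).findFirst();
            findings.add(near.map(k -> "'" + name + "' is ignored; the module reads '" + k + "'")
                             .orElse("'" + name + "' is not a Krb5LoginModule option"));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the entry shown in the question.
        String entry = String.join("\n",
            "JaasClient {",
            "  com.sun.security.auth.module.Krb5LoginModule required",
            "    client=true",
            "    useKeyTab=true",
            "    keytab=\"/etc/security/keytabs/users3.keytab\"",
            "    debug=true",
            "    storeKey=true",
            "    principal=\"users3@EXAMPLE.COM\";",
            "};");
        check(entry).forEach(System.out::println);
    }
}
```

With `keyTab` unset the module falls back to the default keytab, and because `doNotPrompt` is false it then prompts for a password, which matches the behaviour reported above.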

0 Answers