RE: is that common to use kerberos authentication for SUN iplanet LDAP server?
You can use Sun's Directory server with non Sun kdc, you just have to have SEAM (Sun's Kerberos) setup on the director server (ie - it needs the client libs). If you have an install on Solaris 9 or 10 I don't even then you need to install anything - the Kerberos libs are already there. (You will have to run the directory server on a Solaris box). See http://docs.sun.com/source/817-7613/ssl.html -dan -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Kent Wu Sent: Wednesday, August 31, 2005 3:29 PM To: kerberos@mit.edu Subject: is that common to use kerberos authentication for SUN iplanet LDAP server? Hi guys, Does anyone have experience on this to share? I've set up a SUN LDAP server and it's running fine by using simple authentication so far. Of course I want to make it more secure (to protect the password while binding to LDAP server) so I'm thinking either MD5-Digest or Kerberos. However looks like SUN LDAP itself doesn't have kerberos abilities and I have to install SEAM (Sun Enterprise Authentication Mechanism) separately to enable Kerberos..... So I was thinking that if I can easily configure SUN LDAP to use MD5-digest then that should be the easiest however it seems that I have to store the password as plain-text in LDAP server to enable MD5-digest and I don't want to do that (Let me know if there are other easier ways to enable MD5-digest). So my question is th...

RE: is that common to use kerberos authentication for SUN iplanet LDAP server?
Whether a directory can do SASL/GSSAPI data privacy and/or integrity is directory server specific. Some directories (AD) support privacy and/or integrity protection. Others (Sun) don't, so you must use SSL. One other thing to be aware of is that clients and downgrade the privacy and integrity protection. If clients can do downgrade the data protection, it makes me wonder if an attacker can downgrade the session. I haven't looked into it enough. -dan -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller Sent: Thursday, September 01, 2005 1:24 PM To: kerberos@mit.edu Subject: Re: is that common to use kerberos authentication for SUN iplanet LDAP server? Craig, you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption too. What was the reason not to use SASL/GSSAPI with encryption. And example is AD, which can be accessed via SASL/GSSAPI with encryption. Thanks Markus "Craig Huckabee" <huck@spawar.navy.mil> wrote in message news:4316DEC8.5060809@spawar.navy.mil... > Kent Wu wrote: >> >> So my question is that is it pretty easy to enable Kerberos for SUN >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? > > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions > they sold previously also use MIT Kerber...

RE: is that common to use kerberos authentication for SUN iplanet LDAP server? #2
Markus, I know SASL/GSSAPI can do encryption according to the document however I tried a while back to enable the encryption against AD while doing kerberos authentication in my C program but failed. Did you really enable the encryption successfully in the program? If so then I must have missing something then.... Thanks. -Kent -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller Sent: Thursday, September 01, 2005 12:24 PM To: kerberos@mit.edu Subject: Re: is that common to use kerberos authentication for SUN iplanet LDAP server? Craig, you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption too. What was the reason not to use SASL/GSSAPI with encryption. And example is AD, which can be accessed via SASL/GSSAPI with encryption. Thanks Markus "Craig Huckabee" <huck@spawar.navy.mil> wrote in message news:4316DEC8.5060809@spawar.navy.mil... > Kent Wu wrote: >> >> So my question is that is it pretty easy to enable Kerberos for SUN >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? > > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions > they sold previously also use MIT Kerberos. > > We now have several processes that regularly use only GSSAPI/SASL over > SSL to authenticate and communicate wi...

Trouble authenticating with Kerberos & LDAP
I've been very frustrated trying to get this to work. We are trying to use a windows 2003 server as our Kerberos server, along with our openldap on solaris as our directory server. The machines we want to authenticate on are all Solaris 9. The ldap tree is fully populated, and working properly. With our current nsswitch.conf, logins work using the ldap directory (with posixAccount & shadowAccount records), as does a getent passwd <ldapusername>. Also, we have our Windows 2003 server's directory setup with named users, and with our current pam.conf, we can authenticate aga...

Microsoft SSPI error
Hello, I have configuration of active directory 2003 r2 sp3 working with linux mod_auth_kerb. I use SPNEGO for subversion. When using Linux all work great! When using Windows XP(and Windows 7) Firefox/IE/cifs client work great. Problem is subversion which uses neon, it get the following: --- Running post_send hooks ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is Negotiate oYGfMIG coAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqA DAgEXolsEWTLvPLmZvxBgaMEmPDDTIeG9bdJ5rmfTEtsj6Cv9eF9s9Z8sBWhVhPXYzIVsm/sw0hqR+1u DM9frpOeV2Y0YGtDk2flN5iOM/HdEujj0GXAYEWHvPp/3kSc2 auth: SSPI challenge. InitializeSecurityContext [fail] [80090304]. sspi: initializeSecurityContext [failed] [80090304]. --- At windows event log I see the following: --- Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40962 Date: 10/3/2011 Time: 3:55:38 PM User: N/A Computer: VALON Description: The Security System was unable to authenticate to the server HTTP/correlux-gentoo.correlsense.com because the server has completed the authentication, but the client authentication protocol Kerberos has not. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. --- Had anyone seen this before? I tried many configurations, but without success: --- Gentoo --- dev-libs/openssl-1.0.0e -> also downgraded to openssl-0.9.8f www-servers/apache-2.2.21 www-apache/mod_auth_kerb-5.4 -> also downgraded to m...

Unable to run SASL using GSSAPI/kerberos 5 as authentication against Sun One Directory Server
I am tring to run the same example that Microsoft has given for authentication. I am tring this sample against SEAM and not AD. FYI: I am able to run gssapi samples successfully. Also /var/Sun/mps/shared/bin/ldapsearch -o mech=GSSAPI -h blade -p 389 -o realm="quark.co.in" -o authzid="test@QUARK.CO.IN" -b "ou=people,dc=quark,dc=co,dc=in" objectclass=* runs well So I know that I do not have installing probs. Though I am abl to get the ticket still error.txt(attaches is the output) $klist Ticket cache: /tmp/krb5cc_1023 Default principal: test@QUARK.CO.IN Valid starting Expires Service principal Fri Feb 27 20:22:14 2004 Sat Feb 28 04:22:14 2004 krbtgt/QUARK.CO.IN@QUARK.CO.IN Fri Feb 27 20:26:52 2004 Sat Feb 28 04:22:14 2004 ldap/blade.quark.co.in@QUARK.CO.IN Any small hint shall also be of great use. ---------------------------Output at full log traceLevel----------------------------- ldap_open ldap_init nsldapi_open_ldap_connection nsldapi_connect_to_host: blade:389 sd 4 connected to: 10.91.198.100 ldap_open successful, ld_host is (null) LDAP service name: ldap@blade ==> client_establish_context Sending init_sec_context token (size=466)... 60 82 01 ce 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 01 bd 30 82 01 b9 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 01 01 61 81 fe 30 81 fb a0 03 02 01 05 a1 0d 1b 0b 51 55 41 52 4b 2e 43 4f 2e 49 4e a2 24 30 22 a0 03 02 01 03 a1 1...

Authenticate Using Multiple LDAPs Sun One Web Server
I am wondering if it is possible to configure Sun One Web Server to authenticate users against more than one LDAP server. For example, if a user is in either one of two LDAP servers (active directory or Aphelion), they will be granted access to the web site. B Dolley wrote: > I am wondering if it is possible to configure Sun One Web Server to > authenticate users against more than one LDAP server. For example, if > a user is in either one of two LDAP servers (active directory or > Aphelion), they will be granted access to the web site. Dear Mr. B :-) I'm not familiar with aph...

Forcing the use of kerberos by ldap clients when connecting to an openldap server
Hello all, I have an openldap server that successfully authenticates against a kerberos setup: [jamie@janeiro ~]$ ldapwhoami -Y GSSAPI SASL/GSSAPI authentication started SASL username: jamie@example.com SASL SSF: 56 SASL installing layers dn:uid=jamie,ou=people,dc=example,dc=com Result: Success (0) When I do not put -Y GSSAPI in, I get: [jamie@janeiro ~]$ ldapwhoami ldap_sasl_interactive_bind_s: No such object (32) Is it possible to force the client or server to use GSSAPI for authentication, so I don't need to write it every time. In my slapd.conf file I have: TLSCertificateFile /etc/openldap/cacerts/newcert.pem TLSCertificateKeyFile /etc/openldap/cacerts/newreq.pem .... sasl-secprops noanonymous,noplain,noactive saslRegexp uid=([^/]*),cn=GSSAPI,cn=auth uid= $1,ou=people,dc=example,dc=com In particular this sasl-secprops is (according to the website I pilfered that line off) in theory will force the use of GSSAPI, but in practice it doesn't. The reason I wish to force GSSAPI is to make a java app I need to interoperate with use the right mechanism (i.e. GSSAPI), and hence authenticate against kerberos via LDAP rather than authenticate against ldap only. Thanks for any help. Jamie Actually I'm a putz, What I was trying to do would never have worked! authentication against LDAP using GSSAPI requires the user to have already signed into a kerberos realm and have a token. In my setup, that token was not available (the user never signs in), hence it'...

Changing master key (Kerberos authentication server+LDAP database)
Is it possible to change the master key of a realm when LDAP is used as the database server? The stash file is not present since LDAP is used. Appreciate any help on this. Thanks, Anubha ...

Authenticating Mac OSX 10.3.X to Kerberos using LDAP.
Hi, I am trying to allow students in the Mac lab to authenticate at the login prompt to Kerberos using LDAP. I followed the instructions on various web sites but the only way that I was able to log in with a valid kerberos username and password was if I created a local account with the same short uid name. I would like to avoid having to create local accounts and allow any student who has a valid keberos username and password to be able to login. We are not using AFS. Is there another way do this? I would appreciate any help you can provide. Thank you in advance and I look forward to hearing from you. Darin Pemberton Technical Specialist Barnard College, Columbia University. dpembert@barnard.edu, dp2128@columbia.edu 212-854-9096 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos On 2005-07-20 10:55:51 -0500, dpembert@barnard.edu (Darin Pemberton) said: > Hi, > I am trying to allow students in the Mac lab to authenticate at > the login prompt to Kerberos using LDAP. I followed the instructions > on various web sites but the only way that I was able to log in with a > valid kerberos username and password was if I created a local account > with the same short uid name. There's a big misunderstanding. Authenticating over Kerberos using LDAP?? Why? Why not using just Kerberos? LDAP can be used for information retrieval like home...

ldap used with Kerberos and squid
Am developing a security system for which am looking at using ldap and kerberos to achieve authentication and authorization.Now i have a prob that i want single user 4 which i wanted to use radius server but its not for a single user. Wats the way foward...

VPN using Kerberos authentication
I'm trying to set up the Cisco VPN on a PIX 515e, running 7.0(4)2 to use Kerberos authentication (via our Windows 2000 Server), using the Cisco VPN client. I got the VPN to work with both the local authentication (the local user database on the PIX), and with NT authentication, but what we really want is to use Kerberos authentication. I set up the VPN using the ASDM VPN Wizard, which seems to work great, other than this Kerberos issue, and so I'll only list the parameters (and the responses I give) on the Wizard page that deals with AAA. Field on the VPN wizard ...

Authentication with Kerberos & LDAP
Hello, I'm looking for material written about authenticating users in an LDAP directory with Kerberos. I would for example want to log into serveral servers via say SSH with an account present in an LDAP directory, and have this be authenticated with Kerberos. I've seen some half finished documents about this, mostly in linux environments, but nothings really good. Much appreciated if someone could point me in a direction. /Paul ...

Using Solaris 10 built in Kerberos support with Kerberos application
In an attempt to use vendor provided Kerberos support where possible, we have been able to use the Solaris 10 Kerberos and the Solaris provided kinit, pam_krb5 and ssh or any application that uses Kerberos via GSSAPI. But we have a number of other Kerberos applications, including qpop for Kerberized pop service, aklog with OpenAFS and kerberized CVS. The problem is that Solaris only exposes Kerberos via GSSAPI, and does not provide the krb5.h files or the normal Kerberos libraries. *What I would like to ask SUN is to include the krb5.h and its friends with the Solaris 10 base system.* To get around this, http:/www.opesolaris.org/source/xref/usr/src/uts/common/gsspai/mechs/krb5/include has a krb5.h that appears to match the /usr/lib/gss/mech_krb5.so that comes with Solaris 10. (I actually downloaded the tarfile to get the header files.) I have managed to get qpop-4.0.5 and OpenAFS-1.4.0-RC1 aklog to compile and run using this krb5.h with some modification, and the MIT-1.4.1 profile.h and com_err.h. Some problems along the way: o mech_krb5.so has most of the Kerberos routines and can be used as a shared library, but is clumsy to link as its not a "libxxx" o The opensolaris krb5.h is not guaranteed to match the mech_krb5.so o The krb5.h refers to profile.h which is not supplied. o Many of the Kerberos applications also use com_err.h which is not supplied. o There is no com_err add_error_table. o Solaris does not have krb524. So aklo...

Linux authentication using Kerberos and AD
I am trying to establish single sign on using linux,AD and Kerberos. I have created a test account in AD which does not exist in either local files or NIS. I have created a ketyab file and imported it on my linux box, configured both /etc/krb5.conf and /etc/pam.conf for my Reakm and Kerberos. I can use kinit to authenticate my test account and can see the TGTfor my test account as the security principle with klist. However I can't see the test account with getent passwd which may explain why I can't logon as the test account. The pam_krb5 error indicates it can't get a uid/gid. I can authenticate if I put a corresponding account in /etc/passwd or NIS but thus defeats the point if the exercise. Can anyone suggest what I may have missed and what needs to be edited in order for getent passwd to work? Kevin Gallagher Network Services Group C & IT Edinburgh Scotland ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Using ssh-keys for kerberos authentication
Hi! I'm wondering wether it is (at least theoretically) feasible to use a ssh-key to get kerberos tokens!? This is fairly important to me, since filesystems such as coda, afs of nfsv4 depend on kerberos-authentication to access the filespace. Patches for ssh exist that pass the token before trying to acces ..ssh/authorized_keys , but what if one doesn't even have tokens? Thanks in advance, Michael ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> "Michael" == Michael Tautschnig <michael.tautschnig@zt-consulting.com> writes: Michael> Hi! I'm wondering wether it is (at least theoretically) Michael> feasible to use a ssh-key to get kerberos tokens!? This Michael> is fairly important to me, since filesystems such as Michael> coda, afs of nfsv4 depend on kerberos-authentication to Michael> access the filespace. It is theoretically possible. You would need to modify the Kerberos KDC to support this. Why not just use Kerberos authentication at the ssh layer though. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos > > Michael> Hi! I'm wondering wether it is (at least theoretically) > Michael> feasible to use a ssh-key to get kerberos tokens!? This > Michael>...

Using Kerberos Authentication for SSH Login
I am having hard time using Kerberos Authentication method for SSH login on Red Hat Advance Server 3.0. Basically I am trying to authenticate against MS AD, I was able to configure /etc/krb5.conf and create Kerberos ticket w/out any error message and I can telnet and login via console using my MS AD login and password. But the only problem I am having is ssh login, it is not working smoothly for me. If someone has encounter similar problem please let me know, I would appreciate all the help I can get. Thanks, ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Kerberos vs. LDAP for authentication -- any opinions?
At the risk of starting a religious war.... We currently use Kerberos for authentication for almost everything on our network. Some people here are advocating switching to using LDAP for authentication (we already have a pretty well developed LDAP infrastructure). This would of course require everyone to change their password as well the trauma of recoding applications that currently use Kerberos and haven't been converted to using PAM. Anyone have any pointers to information about the relative merits of using Kerberos or LDAP for authentication in a large heterogeneous environment? Any info is, of course, greatly appreciated. - C -- Email: cyberp70@yahoo.com LDAP is not an authentication infrastructure. All you are doing with LDAP is providing a database of usernames and passwords which is accessible over the network. Your users must then transmit said usernames and passwords across the network to a potentially compromised machine in order for them to be validated against the copies stored in LDAP. To me this approach is unacceptable. cyberp70@yahoo.com wrote: > At the risk of starting a religious war.... > > We currently use Kerberos for authentication for almost everything > on our network. Some people here are advocating switching to using > LDAP for authentication (we already have a pretty well developed LDAP > infrastructure). This would of course require everyone to change > their password as well the trauma of recoding applicat...

Problem using Kerberos for user authentication
I'm trying to get off the ground setting up Kerberos on a Fedora 11 box. I've attempted to follow the instructions here: http://aput.net/~jheiss/krbldap/howto.html "kinit username/admin" appears to work. But I can't get system logins to work. I've used the authconfig-tui utility to enable Kerberos for authentication; /etc/pam.d/system-auth looks like this: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth ...

Kerberos authentication between XP and 2000 server
Hi, I am trying to use Windows 2000 server as KDC for an XP machine.I read that, by default if the 2000 server is configured as DC,kerberos is used as authentication method by default.I am not able to authenticate using Kerberos. Steps done: I have configured the windows 2000 server as DC and added the XP as computer to it and also added a user. I am able to login to the DC. I have downloaded the ktray tools from the microsoft site. On DC, when I use the ktray tool,I can see the client name: Administrator@MYDOMAIN.COM service name: krbtgt/MYDOMAIN.COM@MYDOMAIN.COM taget name : krbtgt/MYDOMAIN.COM@MYDOMAIN.COM On XP, I see nothing :( Can any body please say what could be the problem ? Thanks. The very first thing to check is DNS. You must have valid fully qualified domain names for your XP and 2000 Server machines or the Kerberos authentication will fail and the workstation will fallback to NTLM. mdj_frend@yahoo.com wrote: > Hi, > > I am trying to use Windows 2000 server as KDC for an XP machine.I read > that, by default if the 2000 server is configured as DC,kerberos is > used as authentication method by default.I am not able to authenticate > using Kerberos. > > Steps done: > I have configured the windows 2000 server as DC and added the XP > as computer to it and also added a user. I am able to login to the DC. > I have downloaded the ktray tools from the microsoft site. > > On DC, when I use the ktray tool,I can see the...

replacing Heimdal with MIT Kerberos, and Kerberos key attributes in LDAP back-end
Hi all Since we are migrating from Debian to RedHat, we are considering replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT Kerberos server (again with LDAP back-end) since RedHat packages are only available for MIT Kerberos. In order to make this migration/upgrade as transparent as possible for our users, we want to convert all the necessary info in the Heimdal back-end to the MIT back-end. Are there any pointers available for this kind of operation? E.g. things like conversion tables mapping the corresponding Kerberos-specific LDAP attributes? Or even scripts? I'm especially looking at the Kerberos key attributes, i.e. - Heimdal: krb5Key - MIT: krbPrincipalKey Is it possible to convert the former into the latter? Is there any code available for this operation? If not, we would have to require all our users to change their passwords at the same time, which is not very feasible. Thanks in advance Bart ...

RE: Linux authentication using Kerberos and AD
Also, I believe that you must either put the user into NIS or the local files, you do not have to have a shadow entry in local files. I have not tried via NIS yet. On the MS side you do not need AD4Unix. You need to install the current service packs, if 2000 you need the high encryption pack, and Microsoft services for UNIX 3.5 I think is the current version. In the AD user management tool you need to go to the UNIX tab and add that user to NIS. Make sure the uid and gid match what you put into the passwd file. On your Linux client you need a ldap.conf something like this... host yourhost base dc=your,dc=ad,dc=domain ldap_version 3 binddn cn=yourldapauthorizedaccount,cn=Users,dc=your,dc=ad,dc=domain bindpw aboveuserspw pam_password ad nss_map_objectclass posixAccount User nss_map_objectclass shadowAccount User nss_map_attribute uid msSFU30Name nss_map_attribute uniqueMember member nss_map_attribute userPassword msSFU30Password nss_map_attribute homeDirectory msSFU30HomeDirectory nss_map_objectclass posixGroup group nss_map_attribute uidNumber msSFU30UidNumber nss_map_attribute gidNumber msSFU30GidNumber nss_map_attribute gecos displayName nss_map_attribute loginShell msSFU30LoginShell pam_login_attribute msSFU30Name pam_filter objectclass=User You need to configure your files in /etc/pam.d properly You need to add ldap to /etc/nsswitch.conf Of course you have to setup krb5.conf kdc.conf -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mi...

Creating a Kerberos user principal using LDAP
Given a KDC using the LDAP backend, has anyone created a stand alone tool to create user principals by directly adding a LDAP entry? Apparently the difficultly is correctly creating the ASN.1 encoded key attribute (krbPrincipalkey) which is harder still because of the need to encrypt it using the master key (krbMKey). In the LDAP world, it isn't unusual that the password attribute value is generated with a special tool (unless the plaintext password is used). I think two tools would be interesting. 1. A tool that only spits out the krbPrincipalkey attribute on STDOUT. 2. A tool that creates the whole user principal including the krbPrincipalkey. More specifically, I would like some perl or python code that I include in a larger project. If either tools has not been created, there is code from the FreeIPA project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x) that fetches the master key and properly create the ASN.1 encoded key. That code could be used as a starting point or inspiration. Dax Kelson Guru Labs Dax Kelson wrote: > If either tools has not been created, there is code from the FreeIPA > project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x) that > fetches the master key and properly create the ASN.1 encoded key. That > code could be used as a starting point or inspiration. Security wise catching the modify password extended operation at the LDAP server's side is IMHO the right thing to do. FreeIPA does that for Fedor...

How to make LDAP data needed for Kerberos authentication
Hi, When I use the style of combination with Kerberos and OpenLDAP, I try to write java-codes with Novell LDAP Classes for Java to entry LDAP data needed for Kerberos authentication. Please tell me how to make LDAP data needed for Kerberos authentication or pointer (URL, Document, etc) to information for this purpose. Regards, --Shigeru -- Shigeru Ishida <ishida_shigeru@webgen.co.jp> INTEC Web and Genome Informatics Corporation. ISL BLDG 2F, 3-23 Shimoshin Town, Toyama City, Toyama., Japan, 930-0804 Web Site: www.webgen.co.jp ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos A list of useful links is here; http://swik.net/kerberos+LDAP+Java Shigeru Ishida wrote: > Hi, > > When I use the style of combination with Kerberos and OpenLDAP, > I try to write java-codes with Novell LDAP Classes for Java to > entry LDAP data needed for Kerberos authentication. > > Please tell me how to make LDAP data needed for Kerberos > authentication or pointer (URL, Document, etc) to information > for this purpose. > > Regards, > > --Shigeru > > -- > Shigeru Ishida <ishida_shigeru@webgen.co.jp> > INTEC Web and Genome Informatics Corporation. > ISL BLDG 2F, 3-23 Shimoshin Town, > Toyama City, Toyama., Japan, 930-0804 > Web Site: www.webgen.co.jp > > ________________________________________________ > Kerberos mail...