Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
350 views

Authenticating to eDir with MIT kerberos

The objective is to use a central MIT Kerberos service to authenticate
eDirectory users. My first obstacle seems is importing the ssl
certificate into the java keystore.

If I export the certificate in der format as the documentation suggests
there is no option for the private key and password, but when running
this command:

keytool -import -alias "kerbcert" -file /root/oes-cert.der -keystore
$JAVA_HOME/jre/lib/security/cacerts

Then it prompts for a password.

Any idea what I'm doing wrong?

Also any additional documentation or reference I may need than this:

http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/bsb6ma6.html

would be appreciated.

Again for starters just trying to enable the imanager kerberos task as
of right now all I get is this:


Authentication Failed, One possible cause could be that the SSL
certificate is not properly Installed. Install the certificate in the
JAVA keystore.

Thank you in advance,

David Brown
Labels (1)
0 Likes
12 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is very likely prompting for the cacerts password. Usually that is
'changeit' (the security of this file, when it holds only public keys,
is zero) so maybe try that. Maybe try pressing [Enter] twice to have an
empty password (not sure if that works).

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPc90rAAoJEF+XTK08PnB5M14QAMP9pZhq5Dm4Fa5T4ytqR+Kk
X4/pwArp0t6W7g+Gas5Lvfc/dQ59hy5CTvTuU4WYcoTR1qseBuEd9ewd0+MrfCIF
lEHDbAX71ICfWaHyTJA7RfDoIY1ma9NUWYhOZ5hlJD9npRG+jyPvchdSyyzY7RTj
jjT9LEO7aPWsPX2CEJmqxioQeVd2u4anirB68zkW96cvjTmyxVQkuGRxvQsmIsej
wlXvlCcm56FiCxp56GUloH4c5ijzOdiRmdFU75DBDMGaKzK1Cqtn0CTTMa8PDcut
ujiY1LNEpzp0iyEAFk7dd70HaMStHbcT72gEW1EzY+RntzNngxl8s37Xwu8YVbLK
gnZNj+GCc9GbKx3LaokVUXWsm3UJoZxaW6TfASjsi9KaXSJIc884UAcN485NfAAv
1BPQ/RI8QerL//LF4I77mYm9KhvuWAjghVwCpwoKiqyQFqM+KZlThhwZ/aDsg7X/
029/OYM3L6zD+2oYfvYxWQkSLOaXMW9/ttOVtZMnJK5X3xuXUJBNfHfHpWMd+lYC
Ko7oj35szV5KbVizABwKKPIeqI0TnhcJVcYbaQxeetqW8s4IYgo3k9A1D4wIfyFm
ZUqYjnXpZe7XPdm9Dq6CB3mATe9Sbsqcd7Zsm3YtetUK8GTVR+aSYGrWYRu2WiwW
O6+mU2dyqlD/pdLR7XP9
=IXXs
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

changeit worked, Thanks!

On 3/28/2012 8:55 PM, ab wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This is very likely prompting for the cacerts password. Usually that is
> 'changeit' (the security of this file, when it holds only public keys,
> is zero) so maybe try that. Maybe try pressing [Enter] twice to have an
> empty password (not sure if that works).
>
> Good luck.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJPc90rAAoJEF+XTK08PnB5M14QAMP9pZhq5Dm4Fa5T4ytqR+Kk
> X4/pwArp0t6W7g+Gas5Lvfc/dQ59hy5CTvTuU4WYcoTR1qseBuEd9ewd0+MrfCIF
> lEHDbAX71ICfWaHyTJA7RfDoIY1ma9NUWYhOZ5hlJD9npRG+jyPvchdSyyzY7RTj
> jjT9LEO7aPWsPX2CEJmqxioQeVd2u4anirB68zkW96cvjTmyxVQkuGRxvQsmIsej
> wlXvlCcm56FiCxp56GUloH4c5ijzOdiRmdFU75DBDMGaKzK1Cqtn0CTTMa8PDcut
> ujiY1LNEpzp0iyEAFk7dd70HaMStHbcT72gEW1EzY+RntzNngxl8s37Xwu8YVbLK
> gnZNj+GCc9GbKx3LaokVUXWsm3UJoZxaW6TfASjsi9KaXSJIc884UAcN485NfAAv
> 1BPQ/RI8QerL//LF4I77mYm9KhvuWAjghVwCpwoKiqyQFqM+KZlThhwZ/aDsg7X/
> 029/OYM3L6zD+2oYfvYxWQkSLOaXMW9/ttOVtZMnJK5X3xuXUJBNfHfHpWMd+lYC
> Ko7oj35szV5KbVizABwKKPIeqI0TnhcJVcYbaQxeetqW8s4IYgo3k9A1D4wIfyFm
> ZUqYjnXpZe7XPdm9Dq6CB3mATe9Sbsqcd7Zsm3YtetUK8GTVR+aSYGrWYRu2WiwW
> O6+mU2dyqlD/pdLR7XP9
> =IXXs
> -----END PGP SIGNATURE-----


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Great to hear! Thanks for posting back your results.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPdH7ZAAoJEF+XTK08PnB5oC0QALjp0dbZHp27rOqqOGAH2DoY
Vg7JbHZRK2tfCSqi5Sv/S6Bz26JJSwuoNE/e3nOYDR+8mbQrtsQXA40Zyw0Vkt8v
Q/zOmZn4DjeJAFjqAKIeSOJf1TPGcVp6F7fSBvU9qlkzGIuJm7TitqXlXsVgExcj
XVugR1k9AbubaGWTISSHGBhg68rCmnbiSatUWtm3ke/eDqZo144AIlLqlEzKB5SR
tRy5J92TQJ6a4VgIbPKWtESJ+XnLGXBsbAPCCEPWRtCcKXxUwwFgpe5IL1PWgXXG
NfJt1rtNeuKVEa3HxQu10aBfVSeWz+7bRPWw2nhfqeZRuoDbo/iwFjwAAO+o93sk
Srk5JyAnu5mzRRW4WkDpvCfPnBC0+4j4GxBjM7SS/uXdt9Ea2gf40neP76tPncpG
ihkCYT454xED1PNNujhqJO+9hNlrOKyjMFnnb77sQ/jkngWQpgmluG0xZ2yP2oEv
3LIUKPlZ3Rk4rlodtl8VPTEIA4MlacqiKKbHFfTtlylnxplWR52LWvFB+HHNeDDF
7aJlZbBXRFD3EcRH8PwfgKGCzZfBN52CQK/1fK5nzbd1AcFwKhtUvvYwLlj+fhnm
c8OkSDaqNpJ3k50C8YUq9/WctcMO04v7cqb3wecQmwfIKUjFk8nAIjL5uhW9Wgr0
U6Ak3XodW5+2K8+4Lm+O
=p8Zd
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

Picked this backup after vacation. I'm still getting this error:

Authentication Failed, One possible cause could be that the SSL
certificate is not properly Installed. Install the certificate in the
JAVA keystore.

When trying to do anything under the Kerberos task.

I've exported the root certificate and imported it with this command

keytool -import -alias "ssl-ip" -file /root/certs/ssl-ip.der -keystore
/usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

to the following locations:

/var/opt/novell/tomcat5/conf/cacerts
/usr/lib64/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
/usr/lib/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
/usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

Any ideas what's going on, or what I might be doing wrong?

On 03/29/2012 08:25 AM, ab wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Great to hear! Thanks for posting back your results.
>
> Good luck.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJPdH7ZAAoJEF+XTK08PnB5oC0QALjp0dbZHp27rOqqOGAH2DoY
> Vg7JbHZRK2tfCSqi5Sv/S6Bz26JJSwuoNE/e3nOYDR+8mbQrtsQXA40Zyw0Vkt8v
> Q/zOmZn4DjeJAFjqAKIeSOJf1TPGcVp6F7fSBvU9qlkzGIuJm7TitqXlXsVgExcj
> XVugR1k9AbubaGWTISSHGBhg68rCmnbiSatUWtm3ke/eDqZo144AIlLqlEzKB5SR
> tRy5J92TQJ6a4VgIbPKWtESJ+XnLGXBsbAPCCEPWRtCcKXxUwwFgpe5IL1PWgXXG
> NfJt1rtNeuKVEa3HxQu10aBfVSeWz+7bRPWw2nhfqeZRuoDbo/iwFjwAAO+o93sk
> Srk5JyAnu5mzRRW4WkDpvCfPnBC0+4j4GxBjM7SS/uXdt9Ea2gf40neP76tPncpG
> ihkCYT454xED1PNNujhqJO+9hNlrOKyjMFnnb77sQ/jkngWQpgmluG0xZ2yP2oEv
> 3LIUKPlZ3Rk4rlodtl8VPTEIA4MlacqiKKbHFfTtlylnxplWR52LWvFB+HHNeDDF
> 7aJlZbBXRFD3EcRH8PwfgKGCzZfBN52CQK/1fK5nzbd1AcFwKhtUvvYwLlj+fhnm
> c8OkSDaqNpJ3k50C8YUq9/WctcMO04v7cqb3wecQmwfIKUjFk8nAIjL5uhW9Wgr0
> U6Ak3XodW5+2K8+4Lm+O
> =p8Zd
> -----END PGP SIGNATURE-----


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are you sure one of those keystores is being used? Have any tracing
information (from `ndstrace with +AUTH +TAGS +NMAS +LDAP +TIME` for
example) to narrow the problem a little bit.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPf+liAAoJEF+XTK08PnB5PtkQAI2bGgLdtmyyJ7Y6y6wXgzTx
77Quxd6O1N9wpMcjIGJpg+j8FnRahbMK/5FcFw/L5XRQw42Wf0rFgXLTNlz7fMtF
NUMJxh9a9Gx8yKIM8ZEFHOe7nGCOW5GQuliqUu5AMpTDLaIeDMSXWwRvVOVLkH0k
Wt71bCT52Eb5K/sgWT3PbCwMnzYED5+Xt74XYXZ7Rc0CDgwgK10ww6igNOrsgbaX
ftWWglDAq3EQei/hDJklp37OucVvQ39z5l+6GkBC9fGu0JKXsnAUtrVTjTkWjzkJ
jbYyT0+KxWe9Uy4deC/taPkMISHXQxzBjMu4u0MFXdKao+FZNdRvYGRoEA0rUAd0
Uyu5OOZ2msYvJhhlJNvyOXIjDup8P56ZVpLqTj6o254fq9/feCPhsxB5vyjk6ynL
H0CxRnZ+pKq52WJxiA6TC0nf5N7VWNUupctOJohIxTxZhd0QHomKDSbieg43Q2h5
F9Rm0Jjav7WrdLFC33BlJJzkBdNc8QQLxx32MM0hcVXa717mIwZjxxTsCZCWmKG/
PlE7yNEofGRrfPY0DRTkutjJbjaTm7V4YMlWLn7QQRNneuiZTo+pu9cvWIi3o+8e
gchyObmZBPvW+HYPsV2tgrSyHJIIRe8c2R6V3Rv1BKORe2Pe21dUklg20xXUqHFP
IxjFn/Zqt5FMsosaXJkJ
=6+BT
-----END PGP SIGNATURE-----
0 Likes
Knowledge Partner
Knowledge Partner

Re: Authenticating to eDir with MIT kerberos

On Fri, 06 Apr 2012 21:41:42 +0000, David Brown wrote:

> Authentication Failed, One possible cause could be that the SSL
> certificate is not properly Installed. Install the certificate in the
> JAVA keystore.
>
> When trying to do anything under the Kerberos task.
>
> I've exported the root certificate and imported it with this command
>
> keytool -import -alias "ssl-ip" -file /root/certs/ssl-ip.der -keystore
> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts


Which keytool did you use? It looks like you have multiple JVMs
installed. I've found that using the keytool from the same JVM is
sometimes required.


> to the following locations:
>
> /var/opt/novell/tomcat5/conf/cacerts
> /usr/lib64/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
> /usr/lib/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts


If this is for eDirectory itself, you missed a cacerts file. You should
have one under /opt/novell/eDirectory that eDir's JVM uses.

What OS is this on? Are you using eDir on OES, or is this on a straight
linux like SLES or RedHat?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

On 04/10/2012 07:30 AM, David Gersic wrote:
> On Fri, 06 Apr 2012 21:41:42 +0000, David Brown wrote:
>
>> Authentication Failed, One possible cause could be that the SSL
>> certificate is not properly Installed. Install the certificate in the
>> JAVA keystore.
>>
>> When trying to do anything under the Kerberos task.
>>
>> I've exported the root certificate and imported it with this command
>>
>> keytool -import -alias "ssl-ip" -file /root/certs/ssl-ip.der -keystore
>> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

>
> Which keytool did you use? It looks like you have multiple JVMs
> installed. I've found that using the keytool from the same JVM is
> sometimes required.


/usr/bin/keytool

Do you know which JVM is used by imanager? I'll try the various keytools.
>
>
>> to the following locations:
>>
>> /var/opt/novell/tomcat5/conf/cacerts
>> /usr/lib64/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
>> /usr/lib/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
>> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

>
> If this is for eDirectory itself, you missed a cacerts file. You should
> have one under /opt/novell/eDirectory that eDir's JVM uses.

I'm trying to work with the kerberos management tasks in imanager. And
getting this error:

Complete: Kerberos Schema extension failed.

Authentication Failed, One possible cause could be that the SSL
certificate is not properly Installed. Install the certificate in the
JAVA keystore.

Trying to follow this documentation:

http://www.novell.com/documentation/imanager27/imanager_admin_274/?page=/documentation/imanager27/imanager_admin_274/data/b7eyu8t.html

>
> What OS is this on? Are you using eDir on OES, or is this on a straight
> linux like SLES or RedHat?

OES2 X86_64 SP3

The bigger picture of what I'm trying to do is use an MIT kerberos realm
to authenticate my eDir users. Any pointer or reference on
accomplishing this would be appreciated.

Thank you,

David Brown
>
>


0 Likes
Knowledge Partner
Knowledge Partner

Re: Authenticating to eDir with MIT kerberos

On Tue, 17 Apr 2012 00:01:21 +0000, David Brown wrote:

> On 04/10/2012 07:30 AM, David Gersic wrote:
>> On Fri, 06 Apr 2012 21:41:42 +0000, David Brown wrote:
>>
>>> Authentication Failed, One possible cause could be that the SSL
>>> certificate is not properly Installed. Install the certificate in the
>>> JAVA keystore.
>>>
>>> When trying to do anything under the Kerberos task.
>>>
>>> I've exported the root certificate and imported it with this command
>>>
>>> keytool -import -alias "ssl-ip" -file /root/certs/ssl-ip.der -keystore
>>> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

>>
>> Which keytool did you use? It looks like you have multiple JVMs
>> installed. I've found that using the keytool from the same JVM is
>> sometimes required.

>
> /usr/bin/keytool


Is that real, or is it a symlink to somewhere else?


> Do you know which JVM is used by imanager? I'll try the various
> keytools.


Not off hand, no. I think there's an iManager forum, IIRC, you might ask
there. I'd kind of expect it to be the tomcat one (/var/opt/novell/
tomcat5/conf/cacerts), since iManager is a Java app running under tomcat.


>>> to the following locations:
>>>
>>> /var/opt/novell/tomcat5/conf/cacerts
>>> /usr/lib64/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
>>> /usr/lib/jvm/java-1_5_0-ibm-1.5.0/jre/lib/security/cacerts
>>> /usr/lib/jvm/java-1_4_2-sun-1.4.2.19/jre/lib/security/cacerts

>>
>> If this is for eDirectory itself, you missed a cacerts file. You should
>> have one under /opt/novell/eDirectory that eDir's JVM uses.

> I'm trying to work with the kerberos management tasks in imanager. And
> getting this error:
>
> Complete: Kerberos Schema extension failed.
>
> Authentication Failed, One possible cause could be that the SSL
> certificate is not properly Installed. Install the certificate in the
> JAVA keystore.


That's not especially helpful, is it?

I wonder if dstrace +ldap on the server would show any more useful
information. It might. It sounds like this is trying to do an LDAP bind.
Do LDAP binds work for you outside of iManager?


> Trying to follow this documentation:
>
> http://www.novell.com/documentation/imanager27/imanager_admin_274/?

page=/documentation/imanager27/imanager_admin_274/data/b7eyu8t.html
>
>
>> What OS is this on? Are you using eDir on OES, or is this on a straight
>> linux like SLES or RedHat?

> OES2 X86_64 SP3


Ok, so there should be an eDirectory instance present on this box. But
its cacerts should (I think) already be updated with its own Tree CA self
signed cert. Still, you might do a 'keytool -list' on it to find out for
sure.


> The bigger picture of what I'm trying to do is use an MIT kerberos realm
> to authenticate my eDir users. Any pointer or reference on
> accomplishing this would be appreciated.


Sorry, no idea. I think that's mostly a client / NMAS function, really,
so you might have more luck asking about it in the client or NMAS support
forums. Or, maybe somebody else here knows something about this.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

I finally broke down and opened a ticket on this.

Apparently the correct path for cacerts for imanager on oes2 sp3 is:
/usr/lib/jvm/java-1_5_0-ibm_sr5a/jre/lib/security/cacerts

However this still did not allow authentication to kerberos tasks. He
ended up having me install imanager workstation which did work.

That's not an entirely satisfactory solution, but at least it works.

db

On 03/28/2012 08:55 PM, ab wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This is very likely prompting for the cacerts password. Usually that is
> 'changeit' (the security of this file, when it holds only public keys,
> is zero) so maybe try that. Maybe try pressing [Enter] twice to have an
> empty password (not sure if that works).
>
> Good luck.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJPc90rAAoJEF+XTK08PnB5M14QAMP9pZhq5Dm4Fa5T4ytqR+Kk
> X4/pwArp0t6W7g+Gas5Lvfc/dQ59hy5CTvTuU4WYcoTR1qseBuEd9ewd0+MrfCIF
> lEHDbAX71ICfWaHyTJA7RfDoIY1ma9NUWYhOZ5hlJD9npRG+jyPvchdSyyzY7RTj
> jjT9LEO7aPWsPX2CEJmqxioQeVd2u4anirB68zkW96cvjTmyxVQkuGRxvQsmIsej
> wlXvlCcm56FiCxp56GUloH4c5ijzOdiRmdFU75DBDMGaKzK1Cqtn0CTTMa8PDcut
> ujiY1LNEpzp0iyEAFk7dd70HaMStHbcT72gEW1EzY+RntzNngxl8s37Xwu8YVbLK
> gnZNj+GCc9GbKx3LaokVUXWsm3UJoZxaW6TfASjsi9KaXSJIc884UAcN485NfAAv
> 1BPQ/RI8QerL//LF4I77mYm9KhvuWAjghVwCpwoKiqyQFqM+KZlThhwZ/aDsg7X/
> 029/OYM3L6zD+2oYfvYxWQkSLOaXMW9/ttOVtZMnJK5X3xuXUJBNfHfHpWMd+lYC
> Ko7oj35szV5KbVizABwKKPIeqI0TnhcJVcYbaQxeetqW8s4IYgo3k9A1D4wIfyFm
> ZUqYjnXpZe7XPdm9Dq6CB3mATe9Sbsqcd7Zsm3YtetUK8GTVR+aSYGrWYRu2WiwW
> O6+mU2dyqlD/pdLR7XP9
> =IXXs
> -----END PGP SIGNATURE-----


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos


Hi David,

I encountered the same problem, so switch to use iManager Workstation,
but it is always launched with non-secure connection. so I want to know
what you do during the installation and configuration of iManager
Workstation. of course, I think my version is newer, 2.7.6.

Thank you very much. and I also appreciate any feedback from Novell
Great Man.

David Brown;1127 Wrote:
> I finally broke down and opened a ticket on this.
>
> Apparently the correct path for cacerts for imanager on oes2 sp3 is:
> /usr/lib/jvm/java-1_5_0-ibm_sr5a/jre/lib/security/cacerts
>
> However this still did not allow authentication to kerberos tasks. He
> ended up having me install imanager workstation which did work.
>
> That's not an entirely satisfactory solution, but at least it works.
>
> db
>
> On 03/28/2012 08:55 PM, ab wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > This is very likely prompting for the cacerts password. Usually that

> is
> > 'changeit' (the security of this file, when it holds only public

> keys,
> > is zero) so maybe try that. Maybe try pressing [Enter] twice to have

> an
> > empty password (not sure if that works).
> >
> > Good luck.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.18 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQIcBAEBAgAGBQJPc90rAAoJEF+XTK08PnB5M14QAMP9pZhq5Dm4Fa5T4ytqR+Kk
> > X4/pwArp0t6W7g+Gas5Lvfc/dQ59hy5CTvTuU4WYcoTR1qseBuEd9ewd0+MrfCIF
> > lEHDbAX71ICfWaHyTJA7RfDoIY1ma9NUWYhOZ5hlJD9npRG+jyPvchdSyyzY7RTj
> > jjT9LEO7aPWsPX2CEJmqxioQeVd2u4anirB68zkW96cvjTmyxVQkuGRxvQsmIsej
> > wlXvlCcm56FiCxp56GUloH4c5ijzOdiRmdFU75DBDMGaKzK1Cqtn0CTTMa8PDcut
> > ujiY1LNEpzp0iyEAFk7dd70HaMStHbcT72gEW1EzY+RntzNngxl8s37Xwu8YVbLK
> > gnZNj+GCc9GbKx3LaokVUXWsm3UJoZxaW6TfASjsi9KaXSJIc884UAcN485NfAAv
> > 1BPQ/RI8QerL//LF4I77mYm9KhvuWAjghVwCpwoKiqyQFqM+KZlThhwZ/aDsg7X/
> > 029/OYM3L6zD+2oYfvYxWQkSLOaXMW9/ttOVtZMnJK5X3xuXUJBNfHfHpWMd+lYC
> > Ko7oj35szV5KbVizABwKKPIeqI0TnhcJVcYbaQxeetqW8s4IYgo3k9A1D4wIfyFm
> > ZUqYjnXpZe7XPdm9Dq6CB3mATe9Sbsqcd7Zsm3YtetUK8GTVR+aSYGrWYRu2WiwW
> > O6+mU2dyqlD/pdLR7XP9
> > =IXXs
> > -----END PGP SIGNATURE-----



--
ted_use001
------------------------------------------------------------------------
ted_use001's Profile: https://forums.netiq.com/member.php?userid=6446
View this thread: https://forums.netiq.com/showthread.php?t=244

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

On 12/07/2013 03:01 AM, ted use001 wrote:
>
> Hi David,
>
> I encountered the same problem, so switch to use iManager Workstation,
> but it is always launched with non-secure connection. so I want to know
> what you do during the installation and configuration of iManager
> Workstation. of course, I think my version is newer, 2.7.6.


I do not know what the original issue was (thread is too old to show up
via NNTP, and I'm in a hurry so not looking it up on the web) but the
"insecure" nature reported on iManager Workstation's first screen is not
an issue. This means that you're accessing iManager via HTTP instead of
HTTPS. For a server version of iManager this would mean that you are
sending username and password across a LAN/WAN without any encryption, but
with iManager Workstation (running on your local system) there is no wire
across which those credentials are sent because iManager is local.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Authenticating to eDir with MIT kerberos

On Sat, 07 Dec 2013 10:01:05 +0000, ted use001 wrote:

> I encountered the same problem, so switch to use iManager Workstation,
> but it is always launched with non-secure connection.


That's only kind of true. The "unsecure" part is from the embedded web
browser to the tomcat instance, both of which are running on your
workstation, so there's not much danger of interception.

Everything that goes on the wire from tomcat to the servers is NCP.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.