Reputation: 75
I have a krb5-sftpd server on a machine and I want to use the Identity Server as the KDC and the administrative server of the keys.
By now, I can retrieve a ticket from the Identity Server; the thing now is to use the kadmin - ktadd command to pass the keys to the krb5-sftpd server.
I am using Identity Server 3.2.3.
Can I use the command kadmin - ktadd on the Identity Server?
Upvotes: 1
Views: 106
Reputation: 26
WSO2 Identity Server 3.5.0 seems to have some issues (https://wso2.org/jira/si/jira.issueviews:issue-html/IDENTITY-922/IDENTITY-922.html) regarding Kerberos Authentication. They have been fixed in WSO2 IS 4.5.0. If you do not specifically require the use of version 3.5.0, please use 4.5.0 to set up the KDC.
The setup process is the same as for 3.5.0. I was able to follow this document: http://wso2.com/library/articles/2012/07/kerberos-authentication-using-wso2-products/ and get a KDC up and running and use the kinit and klist commands on it.
If you are trying to use kadmin ktadd to add a service principal to WSO2 IS, I am not sure if that is possible. The recommended way is to use the WSO2 Management console to add a service principal to the KDC.
Once that is done, you can configure the service (krb5-sftp) to use the KDC.
Upvotes: 1