I realize this isn't officially supported, but it would seem that I am close, so I thought I would try to get this working.
I followed the directions here: https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations#wiki-working-kerberos-configuration (With the exception of the title setting, which seems silly to include in the directions) The server in question is already setup to do kerberos authentication for shell users against AD, and I can do the following in IRB: portcon gitlab # irb > irb(main):001:0> require "krb5_auth" > => true > irb(main):002:0> @krb5 = ::Krb5Auth::Krb5.new > => #<Krb5Auth::Krb5:0x000000009d20b0> > irb(main):003:0> @krb5.get_default_realm > => "MYDOMAIN" > irb(main):004:0> @krb5.get_init_creds_password('sogden','CorrectPassword') > => true > irb(main):005:0> > @krb5.get_init_creds_password('sogden','IncorrectPassword') > Krb5Auth::Krb5::Exception: Preauthentication failed > from (irb):5:in `get_init_creds_password' > from (irb):5 > from /usr/bin/irb:12:in `<main>' > So it seems the krb5_auth module is set up and working correctly. I set up GitLab to auto-create new users, and to not block them. Within GitLab, here is what currently happens: 1) Go to the login page, click the Kerberos button. 2) I am presented with the login page, and type in the credentials used in the test above. 3) I am immediate returned to the standard login page. 4) Trying to login on the standard page with the above credentials does not work. 5) When I login as admin, I see that the sogden kerberos user was created and is not blocked. I'm not seeing anything in the logs that might be helpful besides: I, [2014-03-04T18:57:11.031132 #3427] INFO -- omniauth: (kerberos) Request > phase initiated. > I, [2014-03-04T18:57:17.144190 #3431] INFO -- omniauth: (kerberos) > Callback phase initiated. > in the file log/unicorn.stdout.log. Any thoughts on trouble shooting, or where and how I could insert some logging to get an idea of what is going on? Thanks for your help, GitLab looks very promising and I hope to integrate it within our environment. Spencer -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
