Dear William,
I have successfully installed/run SSO using Kerberos and mod_auth_kerb module. But still I have one issue with mod_auth_kerb. I have installed Kerberos version: 'krb5-1.8.1' Mod_auth_kerb version : mod_auth_kerb-5.0 Apache version : 1.3.1 After installation of Kerberos, it works fine as SSO for the machine in specific domain for which I have configured it. For the machine in non-domain network gives me 'Authorisation failed' error page which is error#401. For above error#401, I want to re-direct application to my 'specific login page' which is not work as expected. I am trying below code block to configure my 'httpd.conf' file in apache which provide TGT to the system for SSO. <LocationMatch "/spa/autoLogin.do*"> AuthType Kerberos AuthName "Kerberos Active Directory Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbAuthRealms SLB.COM KrbServiceName HTTP/[email protected] Krb5Keytab /opt/httpd/lib/krb5.keytab KrbVerifyKDC on KrbAuthoritative on require valid-user ##ErrorDocument 404 /spa/login.jsp ##ErrorDocument 401 /spa/login.jsp </LocationzMatch> Using above code snaps of 'httpd.conf' file, which works fine for SSO, I try to redirect to 'login.jsp' in-case of user not get TGT (when user try to access same url from non-domain machine). For this case I use : ErrorDocument 404 /spa/login.jsp ErrorDocument 401 /spa/login.jsp But when I use above 401,404 error document entry in above code snaps, it does not work for SSO and only gives 'login.jsp' page. In the vice-versa, When I remove above 401,404 error document entry, my SSO works fine. Can you give me any suggestion/solution so that I can redirect application to my error-page when TGT not generated? I tried many combinations but does not get successful. Kind Regards, Dileep Kumar | Atos Origin India | Software Engineer [email protected] | D: +91 -22-6733 4392| M: +91 9820585213| www.atosorigin.com -----Original Message----- From: Will Fiveash [mailto:[email protected]] Sent: Tuesday, February 09, 2010 6:05 AM To: Kumar, Dileep Cc: [email protected]; [email protected] Subject: Re: unable to get default realm for solaris 10 On Mon, Feb 08, 2010 at 12:52:20PM -0600, Douglas E. Engert wrote: > > > Kumar, Dileep wrote: > > Dear Andrea, > > I have installed native Kerberos on my solaris10 machine from Solaris10 OS > > DVD. > > Still I am getting the same error of 'does not specify default realm'. > > In side the file "/var/log/krb5kdc.log' I am getting following error: > > " krb5kdc: Configuration file does not specify default realm - while > > attempting to retrieve default realm" > > Can you please help me on it? > > So are you trying to run a KDC on this machine? > > What is in your /etc/krb5/krb5.conf and /etc/krb5/kdc.conf? In addition there are detailed instructions on how to setup a Solaris 10 system as a KDC on sun.com: http://docs.sun.com/app/docs/doc/816-4557/seamtm-1?a=view Read the section on configuring a master KDC and follow the steps with care. -- Will Fiveash Sun Microsystems Inc. http://opensolaris.org/os/project/kerberos/ Sent from mutt, a sweet ASCII MUA ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
