[otrs] Kerberos works for Apache directory, but not for OTRS

Stefan Günther Thu, 16 Feb 2017 23:17:08 -0800

Hello,

I have successfully setup Kerberos authentication for a Apache directory with the following configuration:

<Directory "/var/www/html/test/">
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "TEST"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all
</Directory>

When entering sguenther@WIN2K12.LOCAL I have access to the directory.

I added the same parameters to the OTRS configuration:

<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "OTRS"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all

.....

and to Config.pm

sub Load {

.....

$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '@WIN2K12.LOCAL';

I have to tried to login by either creating a user called "sguenther" or "sguenther@WIN2K12.LOCAL", but both login fail.

Since the Apache login works, I assume that someting in my OTRS configuration is missing or wrong.

BTW: This is Ubuntu 16.04 and OTRS 5.0.16

Does anyone have an idea what it could be?

Thanks for any hints or suggestions,

Stefan

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs

[otrs] Kerberos works for Apache directory, but not for OTRS

Reply via email to