Re: question about krb5.conf file
On 18/10/2012 21:15, Mead, Jen L wrote:
Hi,
I am trying to get my AIX box configured to use Windows Authentication from
the tomcat server (web browser). I have been relying on the example that is
at
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance.
Here is my question. The example is using all windows and not unix, so I
am not 100% sure on my syntax AND I have two domains I am working with. One
for the tomcat server and one for the windows domain controller. The example
shows them all on the same domain and I have tried a few different
configurations and they haven't worked. So I am hoping to get an answer here.
New topic; new thread please. Don't just edit your previous one.
p
This is my info:
AIX 6100-04-11-1140
apache-tomcat-7.0.27
tomcat server domain: CON-WAY.COM
windows AD domain: CONWAY.PROD.CON-WAY.COM
Here is what I currently have in the krb5.conf file (it has changed many
times LOL):
[libdefaults]
default_realm = CONWAY.PROD.CON-WAY.COM
default_keytab_name = FILE:/opt/apache-tomcat-7.0.27/conf/tomcat.keytab
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
forwardable=true
[realms]
CONWAY.PROD.CON-WAY.COM = {
kdc = ciits003.conway.prod.con-way.com:88
}
[domain_realm]
con-way.com = CONWAY.PROD.CON-WAY.COM
.con-way.com = CONWAY.PROD.CON-WAY.COM
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log
Anyone see any blaring errors? I am not sure I need to put the word FILE in
front of all file locations, but it was in the Windows example
Jen
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
[key:62590808]
signature.asc
Description: OpenPGP digital signature
question about krb5.conf file
Hi,
I am trying to get my AIX box configured to use Windows Authentication from the
tomcat server (web browser). I have been relying on the example that is at
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance.
Here is my question. The example is using all windows and not unix, so I am
not 100% sure on my syntax AND I have two domains I am working with. One for
the tomcat server and one for the windows domain controller. The example shows
them all on the same domain and I have tried a few different configurations and
they haven't worked. So I am hoping to get an answer here.
This is my info:
AIX 6100-04-11-1140
apache-tomcat-7.0.27
tomcat server domain: CON-WAY.COM
windows AD domain: CONWAY.PROD.CON-WAY.COM
Here is what I currently have in the krb5.conf file (it has changed many times
LOL):
[libdefaults]
default_realm = CONWAY.PROD.CON-WAY.COM
default_keytab_name = FILE:/opt/apache-tomcat-7.0.27/conf/tomcat.keytab
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
forwardable=true
[realms]
CONWAY.PROD.CON-WAY.COM = {
kdc = ciits003.conway.prod.con-way.com:88
}
[domain_realm]
con-way.com = CONWAY.PROD.CON-WAY.COM
.con-way.com = CONWAY.PROD.CON-WAY.COM
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log
Anyone see any blaring errors? I am not sure I need to put the word FILE in
front of all file locations, but it was in the Windows example
Jen
Re: question about krb5.conf file
Hi. Mead, Jen L wrote: Hi, I am trying to get my AIX box configured to use Windows Authentication from the tomcat server (web browser). I have been relying on the example that is at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance. Here is my question. The example is using all windows and not unix, so I am not 100% sure on my syntax AND I have two domains I am working with. One for the tomcat server and one for the windows domain controller. The example shows them all on the same domain and I have tried a few different configurations and they haven't worked. So I am hoping to get an answer here. I am not sure, but I believe, that the SPNEGO authentication which is included in Tomcat right now presupposes that the Tomcat host itself is a Windows machine, and member of the Windows domain in which you want the authentication to take place (or probably at least a trusted domain). If that were the case, then you may be better off having a look at the other alternatives indicated in that documentation page, or at Jespa (www.ioplex.com) which is a commercial (but affordable) solution which works with whatever OS Tomcat is running under. I can't figure out from the Waffle website if Waffle works on other than on Windows Tomcat hosts either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
