Re: question about krb5.conf file
On 18/10/2012 21:15, Mead, Jen L wrote: Hi, I am trying to get my AIX box configured to use Windows Authentication from the tomcat server (web browser). I have been relying on the example that is at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance. Here is my question. The example is using all windows and not unix, so I am not 100% sure on my syntax AND I have two domains I am working with. One for the tomcat server and one for the windows domain controller. The example shows them all on the same domain and I have tried a few different configurations and they haven't worked. So I am hoping to get an answer here. New topic; new thread please. Don't just edit your previous one. p This is my info: AIX 6100-04-11-1140 apache-tomcat-7.0.27 tomcat server domain: CON-WAY.COM windows AD domain: CONWAY.PROD.CON-WAY.COM Here is what I currently have in the krb5.conf file (it has changed many times LOL): [libdefaults] default_realm = CONWAY.PROD.CON-WAY.COM default_keytab_name = FILE:/opt/apache-tomcat-7.0.27/conf/tomcat.keytab default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc forwardable=true [realms] CONWAY.PROD.CON-WAY.COM = { kdc = ciits003.conway.prod.con-way.com:88 } [domain_realm] con-way.com = CONWAY.PROD.CON-WAY.COM .con-way.com = CONWAY.PROD.CON-WAY.COM [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/log/krb5lib.log Anyone see any blaring errors? I am not sure I need to put the word FILE in front of all file locations, but it was in the Windows example Jen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
question about krb5.conf file
Hi, I am trying to get my AIX box configured to use Windows Authentication from the tomcat server (web browser). I have been relying on the example that is at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance. Here is my question. The example is using all windows and not unix, so I am not 100% sure on my syntax AND I have two domains I am working with. One for the tomcat server and one for the windows domain controller. The example shows them all on the same domain and I have tried a few different configurations and they haven't worked. So I am hoping to get an answer here. This is my info: AIX 6100-04-11-1140 apache-tomcat-7.0.27 tomcat server domain: CON-WAY.COM windows AD domain: CONWAY.PROD.CON-WAY.COM Here is what I currently have in the krb5.conf file (it has changed many times LOL): [libdefaults] default_realm = CONWAY.PROD.CON-WAY.COM default_keytab_name = FILE:/opt/apache-tomcat-7.0.27/conf/tomcat.keytab default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc forwardable=true [realms] CONWAY.PROD.CON-WAY.COM = { kdc = ciits003.conway.prod.con-way.com:88 } [domain_realm] con-way.com = CONWAY.PROD.CON-WAY.COM .con-way.com = CONWAY.PROD.CON-WAY.COM [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/log/krb5lib.log Anyone see any blaring errors? I am not sure I need to put the word FILE in front of all file locations, but it was in the Windows example Jen
Re: question about krb5.conf file
Hi. Mead, Jen L wrote: Hi, I am trying to get my AIX box configured to use Windows Authentication from the tomcat server (web browser). I have been relying on the example that is at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance. Here is my question. The example is using all windows and not unix, so I am not 100% sure on my syntax AND I have two domains I am working with. One for the tomcat server and one for the windows domain controller. The example shows them all on the same domain and I have tried a few different configurations and they haven't worked. So I am hoping to get an answer here. I am not sure, but I believe, that the SPNEGO authentication which is included in Tomcat right now presupposes that the Tomcat host itself is a Windows machine, and member of the Windows domain in which you want the authentication to take place (or probably at least a trusted domain). If that were the case, then you may be better off having a look at the other alternatives indicated in that documentation page, or at Jespa (www.ioplex.com) which is a commercial (but affordable) solution which works with whatever OS Tomcat is running under. I can't figure out from the Waffle website if Waffle works on other than on Windows Tomcat hosts either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org