https://connect.hyland.com/t5/alfresco-archive/alfresco-4-community-kerberos/m-p/262111#M215241 <HTML><HEAD></HEAD><BODY><SPAN>Situation:</SPAN><BR /><BR /><SPAN>I am an IT developer for a department at a university and users want a fileshare that they can access from anywhere with any computer, including a "mapped drive" and I figured Alfresco Share with webdav and/or CIFS would be a great way.&nbsp;&nbsp;&nbsp; Note, most computers are not on the same domain or even the same network as the Alfresco server, so SSO is not an option, but I wanted a secure way of authentication that would allow CIFS so that left alfrescoNtlm or Kerberos.&nbsp; I set up the Alfresco Community Edition 4.0 server using the wizard (except changed tomcat ports to 80 and 443) on a Windows Server 2008 64-bit and got it working fairly well with built in permissions.&nbsp; However, I would prefer not having to manage a separate list of users/passwords so I thought Kerberos authentication is the best option and am trying to configure it according to documentation at </SPAN><A href="http://docs.alfresco.com/4.0/topic/com.alfresco.enterprise.doc/concepts/auth-kerberos-intro.html" rel="nofollow noopener noreferrer">http://docs.alfresco.com/4.0/topic/com.alfresco.enterprise.doc/concepts/auth-kerberos-intro.html</A><SPAN> but as I am a newbie am having trouble getting it to work and (but I will have to change it back to alfrescoNtlm if I can't get it to work.&nbsp; Any help is appreciated.</SPAN><BR /><BR /><BR /><SPAN>We have a very unique set-up for Kerberos, so let me give you that info first.&nbsp; I have replaced the name of our university with [university] in all documentation below.</SPAN><BR /><SPAN>NetBIOS domain name: ADS</SPAN><BR /><SPAN>servers: ADS.UNIVERSITY.EDU</SPAN><BR /><SPAN>ADS realm/domain name is ADS.UNIVERSITY.EDU</SPAN><BR /><SPAN>MIT Kerberos Realm name: INS.UNIV.EDU (note this is a different domain name then the AD server)</SPAN><BR /><BR /><SPAN>So when we log onto computers on the domain we use ADS as our domain but I must run these ksetup commands on a PC before it joins:</SPAN><BR /><SPAN>ksetup /addkdc INS.UNIV.EDU KERBEROS.UNIV.EDU</SPAN><BR /><SPAN>ksetup /addkdc INS.UNIV.EDU KERBEROS2.UNIV.EDU</SPAN><BR /><SPAN>ksetup /addkdc INS.UNIV.EDU KERBEROS3.UNIV.EDU</SPAN><BR /><BR /><SPAN>I followed the instructions on the DOC page for configuring Kerberos authentication to the best of my ability but have an error on alfresco explorer and cannot get CIFS or WebDAV to map.&nbsp; Hers is some stripped-down relevant files:</SPAN><BR /><BR /><SPAN>alfresco-global.properties</SPAN><PRE class="language-none line-numbers"><CODE>dir.root=E:/Alfresco/alf_data<BR /><BR />alfresco.context=alfresco<BR />alfresco.host=127.0.0.1<BR />alfresco.port=80<BR />alfresco.protocol=http<BR /><BR />share.context=share<BR />share.host=127.0.0.1<BR />share.port=80<BR />share.protocol=http<BR /><BR />### authentication ###<BR /># alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap<BR /># alfrescoNtlm1:alfrescoNtlm<BR />alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos<BR /><BR /><BR />### CIFS settings ###<BR />cifs.enabled=true<BR />cifs.serverName=alfresco<BR />cifs.domain=<BR />cifs.hostannounce=true<BR />cifs.sessionTimeout=900<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>repository.properties</SPAN><BR /><PRE class="language-none line-numbers"><CODE>authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos<SPAN class="line-numbers-rows"><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>alfresco-authentication.properties</SPAN><BR /><PRE class="language-none line-numbers"><CODE>ntlm.authentication.sso.enabled=false<BR />alfresco.authentication.allowGuestLogin=true<BR />alfresco.authentication.authenticateCIFS=true<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>kerberos-authentication.properties</SPAN><BR /><PRE class="language-none line-numbers"><CODE>kerberos.authentication.realm=INS.UNIV.EDU<BR />kerberos.authentication.sso.enabled=false<BR />kerberos.authentication.user.configEntryName=Alfresco<BR />kerberos.authentication.cifs.configEntryName=AlfrescoCIFS<BR />kerberos.authentication.cifs.password=password1 ### I put text of real AD user password here<BR />kerberos.authentication.http.configEntryName=AlfrescoHTTP<BR />kerberos.authentication.http.password=password1 ### I put text of real AD user password here<BR />kerberos.authentication.defaultAdministratorUserNames=admin,auser ### auser1 is a username that is both in AD as well as alfresco - I don't know what this refers to<BR />kerberos.authentication.authenticateCIFS=true<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>I also made AD users AlfrescoCIFS &amp; AlfrescoHTTP and did ktpass output and setspn as described in doc and created java.login.config.&nbsp; I am not sure I did this right because our situation is unique.&nbsp; These are the commands I ran:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>ktpass -princ cifs/alfresco.university.edu@INS.UNIV.EDU -pass password1 -mapuser ADS\AlfrescoCIFS -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out E:\Alfresco\AlfrescoCIFS.keytab -kvno 0<BR />ktpass -princ HTTP/alfresco.university.edu@INS.UNIV.EDU -pass password1 -mapuser ADS\AlfrescoHTTP -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out E:\Alfresco\AlfrescoHTTP.keytab -kvno 0<BR /><BR />setspn -a cifs/alfresco AlfrescoCIFS<BR />setspn -a cifs/alfresco.university.edu AlfrescoCIFS<BR /><BR />setspn -a HTTP/alfresco AlfrescoHTTP<BR />setspn -a HTTP/alfresco.university.edu AlfrescoHTTP<BR /><BR />setspn -l AlfrescoCIFS<BR />setspn -l AlfrescoHTTP<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>java.login.config</SPAN><BR /><PRE class="language-none line-numbers"><CODE>Alfresco {<BR />&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;<BR />};<BR /><BR />AlfrescoCIFS {<BR />&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required<BR />&nbsp;&nbsp; storeKey=true<BR />&nbsp;&nbsp; useKeyTab=true<BR />&nbsp;&nbsp; keyTab="E:/Alfresco/AlfrescoCIFS.keytab"<BR />&nbsp;&nbsp; principal="cifs/alfresco.university.edu";<BR />};<BR /><BR />AlfrescoHTTP {<BR />&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required<BR />&nbsp;&nbsp; storeKey=true<BR />&nbsp;&nbsp; useKeyTab=true<BR />&nbsp;&nbsp; keyTab="E:/Alfresco/AlfrescoCIFS.keytab"<BR />&nbsp;&nbsp; principal="HTTP/alfresco.university.edu";<BR />};<BR /><BR />com.sun.net.ssl.client {<BR />&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;<BR />};<BR /><BR />other {<BR />&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;<BR />};<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>When I log into alfresco share, I can use alfresco users and passwords but not AD ones.&nbsp; Do I need to set up Authorities and/or ACL's first?</SPAN><BR /><SPAN>When I open the address for alfresco explorer, I get this error:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'globalAuthenticationFilter' defined in file [E:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\kerberos\kerberos-filter-context.xml]: Invocation of init method failed; nested exception is javax.servlet.ServletException: Failed to login HTTP server service<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)<BR />&nbsp;&nbsp;&nbsp;org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1075)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)<BR />&nbsp;&nbsp;&nbsp;org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<BR />&nbsp;&nbsp;&nbsp;org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)<BR />&nbsp;&nbsp;&nbsp;$Proxy244.doFilter(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)<BR />root cause<BR /><BR />javax.servlet.ServletException: Failed to login HTTP server service<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:179)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:72)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:115)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)<BR />&nbsp;&nbsp;&nbsp;org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)<BR />&nbsp;&nbsp;&nbsp;org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1075)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)<BR />&nbsp;&nbsp;&nbsp;org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<BR />&nbsp;&nbsp;&nbsp;org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)<BR />&nbsp;&nbsp;&nbsp;$Proxy244.doFilter(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)<BR />&nbsp;&nbsp;&nbsp;org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>And this is the end of the log file:</SPAN><BR /><PRE class="language-none line-numbers"><CODE> 2011-11-11 17:30:07,292&nbsp; ERROR [app.servlet.KerberosAuthenticationFilter] [http-80-1] HTTP Kerberos web filter error<BR /> javax.security.auth.login.LoginException: null (68)<BR />&nbsp;&nbsp;&nbsp;at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)<BR />&nbsp;&nbsp;&nbsp;at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)<BR />&nbsp;&nbsp;&nbsp;at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR />&nbsp;&nbsp;&nbsp;at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)<BR />&nbsp;&nbsp;&nbsp;at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<BR />&nbsp;&nbsp;&nbsp;at java.lang.reflect.Method.invoke(Method.java:597)<BR />&nbsp;&nbsp;&nbsp;at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)<BR />&nbsp;&nbsp;&nbsp;at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)<BR />&nbsp;&nbsp;&nbsp;at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)<BR />&nbsp;&nbsp;&nbsp;at java.security.AccessController.doPrivileged(Native Method)<BR />&nbsp;&nbsp;&nbsp;at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)<BR />&nbsp;&nbsp;&nbsp;at javax.security.auth.login.LoginContext.login(LoginContext.java:579)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:165)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:72)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:115)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1075)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<BR />&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)<BR />&nbsp;&nbsp;&nbsp;at $Proxy244.doFilter(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)<BR />&nbsp;&nbsp;&nbsp;at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)<BR />&nbsp;&nbsp;&nbsp;at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)<BR />&nbsp;&nbsp;&nbsp;at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)<BR />&nbsp;&nbsp;&nbsp;at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)<BR />&nbsp;&nbsp;&nbsp;at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)<BR />&nbsp;&nbsp;&nbsp;at java.lang.Thread.run(Thread.java:619)<BR />Caused by: KrbException: null (68)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.KrbAsRep.&lt;init&gt;(KrbAsRep.java:66)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)<BR />&nbsp;&nbsp;&nbsp;at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)<BR />&nbsp;&nbsp;&nbsp;… 44 more<BR />Caused by: KrbException: Identifier doesn't match expected value (906)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.internal.ASRep.init(ASRep.java:58)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.internal.ASRep.&lt;init&gt;(ASRep.java:53)<BR />&nbsp;&nbsp;&nbsp;at sun.security.krb5.KrbAsRep.&lt;init&gt;(KrbAsRep.java:50)<BR />&nbsp;&nbsp;&nbsp;… 48 more<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Anything I did wrong or still need to do to get Kerberos to work?</SPAN></BODY></HTML> Tue, 15 Nov 2011 19:03:14 GMT lefton4ya 2011-11-15T19:03:14Z https://connect.hyland.com/t5/alfresco-archive/alfresco-4-community-kerberos/m-p/262111#M215241 Situation:I am an IT developer for a department at a university and users want a fileshare that they can access from anywhere with any computer, including a "mapped drive" and I figured Alfresco Share with webdav and/or CIFS would be a great way.&nbsp;&nbsp;&nbsp; Note, most computers are not on the same domain or Tue, 15 Nov 2011 19:03:14 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-4-community-kerberos/m-p/262111#M215241 lefton4ya 2011-11-15T19:03:14Z https://connect.hyland.com/t5/alfresco-archive/alfresco-4-community-kerberos/m-p/262112#M215242 <HTML><HEAD></HEAD><BODY><SPAN>Could you post your krb5.conf? When I got this error I had omitted the krb5.conf.</SPAN></BODY></HTML> Mon, 30 Jan 2012 17:13:39 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-4-community-kerberos/m-p/262112#M215242 throwback 2012-01-30T17:13:39Z