topic Re: Kerberos and CIFS in Alfresco Archive

Kerberos and CIFS

eddies — Tue, 20 Sep 2016 22:09:12 GMT

Hello, I am trying to get Kerberos authentication working against AD for CIFS support. I am currently running community 201605.Kerberos on the OS, (CentoOS 7) works fine. kinit will grab a key. But it does not work in Alfresco. No matter what I set the principal to be, a packet capture shows Alfres

Re: Kerberos and CIFS

afaust — Wed, 21 Sep 2016 18:30:01 GMT

You should also have an AlfrescoHTTP principal defined in the login config because the HTTP filter for Kerberos uses that during its initialisation. See configuring Kerberos against AD in the documentation.

Re: Kerberos and CIFS

eddies — Wed, 21 Sep 2016 19:18:06 GMT

My Alfresco install was originally setup against Ntlm, and I was trying to use Kerosene for CIFS only for sake of not messing everything up at once.

Are you saying I am required to use Kerberos for HTTP if I want to use Kerberos for CIFS?

Thanks.

-Eddie

Re: Kerberos and CIFS

afaust — Wed, 21 Sep 2016 19:28:42 GMT

Yes, you are technically forced / required to allow Kerberos for HTTP if you want to use Kerberos for CIFS. Because authentication via HTTP is the primary use case while authentication for CIFS is an optional "bonus". But you can use the authentication chain and other configuration properties in such a way that Kerberos is used last for HTTP authentication (last in the chain) - so that it effectively may not be used at all. Kerberos being last in the chain does not prevent you from using it for CIFS authentication - you only need to make sure it is the only authentication system enabled for CIFS and you should be fine.

Re: Kerberos and CIFS

eddies — Fri, 23 Sep 2016 22:25:11 GMT

Wow, I wish I would have known that before. It would have saved me a lot of time.

It's working great now. Thanks.