
Alfresco Share & Kerberos 5

hwgonz
Champ in-the-making
Hi, I haven't been able to successfully log in with SSO to Alfresco Share using Kerberos. It has worked perfectly for Alfresco Explorer but not for Share. The Alfresco version is 3.4.c. Both Alfresco Explorer and Share are on the same server, so they are using the same keytab. The server is a Linux Debian machine, running Debian Lenny.

I have modified the Share Custom Config file as suggested by http://forums.alfresco.com/en/viewtopic.php?f=9&t=27445

The error that appears in the log says  http-8080-1 WARN  [site.servlet.KerberosSessionSetupPrivilegedAction] credentials can not be delegated!

I have validated that the Alfresco server is trusted for delegation in Active Directory (Windows Server 2003 SP2), also the SPN used for HTTP connections is trusted for delegation.

Any help on this would be more than welcome.

Alfresco Log:

Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/lib/jvm/java-6-sun/jre
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar
Dec 22, 2010 11:21:08 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Dec 22, 2010 11:21:08 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Dec 22, 2010 11:21:08 AM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Dec 22, 2010 11:21:08 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Dec 22, 2010 11:21:08 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 469 ms
Dec 22, 2010 11:21:08 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Dec 22, 2010 11:21:08 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
Dec 22, 2010 11:21:09 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Dec 22, 2010 11:21:09 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Dec 22, 2010 11:21:09 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
Dec 22, 2010 11:21:09 AM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
11:21:13,172  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/repository.properties]
11:21:13,174  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/domain/transaction.properties]
11:21:13,174  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from file [/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/module/tests/alfresco-global.properties]
11:21:13,175  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from file [/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/module/test/alfresco-global.properties]
11:21:13,175  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from URL [file:/usr/local/tomcat/shared/classes/alfresco-global.properties]
11:21:13,224  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:13,315  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:13,329  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:23,853  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
11:21:23,855  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor Repository Script Processor for extension js
11:21:30,054  INFO  [domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
11:21:30,263  INFO  [domain.schema.SchemaBootstrap] No changes were made to the schema.
11:21:30,317  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
11:21:30,342  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:30,342  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:30,343  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:30,351  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
11:21:32,003  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
11:21:32,015  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:32,017  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:32,018  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:32,570  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
11:21:32,570  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
11:21:32,588  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:32,588  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:32,589  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:32,977  WARN  [alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
11:21:32,987  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
11:21:33,593  INFO  [repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /srv/alfresco/alf_data
11:21:33,647  INFO  [admin.patch.PatchExecuter] Checking for patches to apply …
11:21:34,101  INFO  [admin.patch.PatchExecuter] No patches were required.
11:21:34,106 User:System INFO  [repo.module.ModuleServiceImpl] Found 0 module(s).
11:21:34,136  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]
11:21:34,164  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:34,165  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:34,167  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:34,381  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, kerberos1]
11:21:34,398  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:34,398  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:34,399  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/alfrescohttp.keytab refreshKrb5Config is false principal is HTTP/debian5base.ccsgr3000.local tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL not available in /etc/alfrescohttp.keytab
      [Krb5LoginModule] user entered username: HTTP/debian5base.ccsgr3000.local

Acquire TGT using AS Exchange
principal is HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a

EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a


      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Commit Succeeded

11:21:35,644  DEBUG [app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login successful
11:21:35,644  DEBUG [app.servlet.KerberosAuthenticationFilter] Logged on using principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/alfrescohttp.keytab refreshKrb5Config is false principal is HTTP/debian5base.ccsgr3000.local tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL not available in /etc/alfrescohttp.keytab
      [Krb5LoginModule] user entered username: HTTP/debian5base.ccsgr3000.local

Acquire TGT using AS Exchange
principal is HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a

EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a


      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Commit Succeeded

11:21:35,790  DEBUG [webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login successful
11:21:35,791  DEBUG [webdav.auth.KerberosAuthenticationFilter] Logged on using principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/alfrescohttp.keytab refreshKrb5Config is false principal is HTTP/debian5base.ccsgr3000.local tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL not available in /etc/alfrescohttp.keytab
      [Krb5LoginModule] user entered username: HTTP/debian5base.ccsgr3000.local

Acquire TGT using AS Exchange
principal is HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a

EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a


      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Commit Succeeded

11:21:35,818  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, kerberos1] complete
11:21:35,818  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
11:21:35,830  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:35,830  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:35,830  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,037  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
11:21:36,117  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
11:21:36,117  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
11:21:36,132  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,132  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,132  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,184  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
11:21:36,184  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, outbound]
11:21:36,196  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,199  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,199  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,240  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, outbound] complete
11:21:36,240  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, inbound]
11:21:36,251  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,251  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,251  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,294  WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'blockedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.util.List)]: [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.lang.String)]
11:21:36,294  WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'allowedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.util.List)]: [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.lang.String)]
11:21:36,309  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
11:21:36,311  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'googledocs' subsystem, ID: [googledocs, default]
11:21:36,345  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,346  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,346  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,551  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'googledocs' subsystem, ID: [googledocs, default] complete
11:21:36,564  INFO  [repo.usage.UserUsageTrackingComponent] Enabled - calculate missing user usages …
11:21:36,571  INFO  [repo.usage.UserUsageTrackingComponent] Found 0 users to recalculate
11:21:36,571  INFO  [repo.usage.UserUsageTrackingComponent] … calculated missing usages for 0 users
11:21:36,572  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
11:21:36,594  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,594  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,594  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,612 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
11:21:36,619 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since Dec 17, 2010 3:23:51 PM from user registry 'ldap1'
11:21:36,678 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
11:21:36,679 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
11:21:36,684 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since Dec 22, 2010 8:23:11 AM from user registry 'ldap1'
11:21:36,696 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 1 entries
11:21:36,751 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 18 per second. 0 failures detected.
11:21:36,751 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 1 entries
11:21:36,769 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
11:21:36,769 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] 1 user(s) and 0 group(s) processed
11:21:36,778  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
11:21:36,818  INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_22-b04; maximum heap size 989.875MB
11:21:36,829  INFO  [service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.4.0 (c 3335) schema 4113 - Originally installed version 3.3.0 (g 2860) schema 4100
11:21:36,830  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Replication' subsystem, ID: [Replication, default]
11:21:36,838  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/version.properties]
11:21:36,838  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:21:36,838  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/domain/cache-strategies.properties]
11:21:36,842  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Replication' subsystem, ID: [Replication, default] complete
11:21:42,425 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 372 Web Scripts (+0 failed), 613 URLs
11:21:42,425 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 2 Package Description Documents (+0 failed)
11:21:42,425 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 1 Schema Description Documents (+0 failed)
11:21:42,427 User:System INFO  [extensions.webscripts.AbstractRuntimeContainer] Initialised Repository Web Script Container (in 5110.3765ms)
11:21:42,435  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
11:21:42,438  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
Dec 22, 2010 11:21:43 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive share.war
11:21:48,160  INFO  [extensions.webscripts.DeclarativeRegistry] Registered 264 Web Scripts (+0 failed), 274 URLs
11:21:48,162  INFO  [extensions.webscripts.DeclarativeRegistry] Registered 8 Package Description Documents (+0 failed)
11:21:48,162  INFO  [extensions.webscripts.DeclarativeRegistry] Registered 0 Schema Description Documents (+0 failed)
11:21:48,238  INFO  [extensions.webscripts.AbstractRuntimeContainer] Initialised Spring Surf Container Web Script Container (in 1238.9984ms)
11:21:48,268  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
11:21:48,342  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
11:21:48,597  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
11:21:48,601  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
11:21:48,904  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
11:21:48,908  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/alfrescohttp.keytab refreshKrb5Config is false principal is HTTP/debian5base.ccsgr3000.local tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL not available in /etc/alfrescohttp.keytab
      [Krb5LoginModule] user entered username: HTTP/debian5base.ccsgr3000.local

Acquire TGT using AS Exchange
principal is HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a

EncryptionKey: keyType=3 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: 40 9D 1F BF CB 8A 98 9B  
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C7 80 C7 88 72 A1 02 25   6E 94 6B 3A D2 38 F6 61  ….r..%n.k:.8.a


      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Added server's keyKerberos Principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCALKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 40 9D 1F BF CB 8A 98 9B  

      [Krb5LoginModule] added Krb5Principal  HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL to Subject
Commit Succeeded

11:21:50,290  INFO  [site.servlet.SSOAuthenticationFilter] NTLMAuthenticationFilter initialised.
Dec 22, 2010 11:21:50 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Dec 22, 2010 11:21:50 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Dec 22, 2010 11:21:50 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Dec 22, 2010 11:21:50 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Dec 22, 2010 11:21:50 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Dec 22, 2010 11:21:50 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 41529 ms
11:22:00,260  INFO  [alfresco.util.OpenOfficeConnectionTester] The OpenOffice connection was re-established.
11:23:15,690  DEBUG [app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 10.1.16.117 (10.1.16.117:3826)
11:23:15,743 User:hgonzalez DEBUG [app.servlet.KerberosAuthenticationFilter] User hgonzalez logged on via Kerberos
11:23:45,764  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,833  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,852  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,861  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,867  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,882  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:23:45,886  DEBUG [app.servlet.KerberosAuthenticationFilter] Authentication not required (filter), chaining …
11:31:00,644 User:hgonzalez DEBUG [app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 127.0.0.1 (127.0.0.1:35163)
11:31:00,674 http-8080-2 WARN  [site.servlet.KerberosSessionSetupPrivilegedAction] credentials can not be delegated!



Thanks in advance and best regards,

hwgonz
4 REPLIES 4

ivan_plestina
Champ in-the-making
Have you solved this?

banania
Champ in-the-making
Hi,

Just in case somebody else got the same problem… as I did: you will get this error message if you do not set the "Delegation" parameter in the Active Directory.
It's all explained in the doc:

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Share_Kerberos_SSO
(Active directory section)



HTH
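
Added example, not part of any post in this thread: a Python triage of the Kerberos lines in a log like the one in the first post, which picks out the delegation warning discussed above along with the other Kerberos conditions that log shows. The `triage` function, the finding codes and the shortened sample lines (key bytes replaced with `<redacted>`) are constructed for this example.

```python
import re

# Kerberos encryption type numbers as printed after "keyType=" by the JDK.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
DEPRECATED = {1, 3, 23}  # DES (RFC 6649) and RC4-HMAC (RFC 8429)

# Constructed sample: lines shortened from the log in the first post.
SAMPLE_LOG = """\
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /etc/alfrescohttp.keytab refreshKrb5Config is false principal is HTTP/debian5base.ccsgr3000.local
Key for the principal HTTP/debian5base.ccsgr3000.local@CCSGR3000.LOCAL not available in /etc/alfrescohttp.keytab
      [Krb5LoginModule] user entered username: HTTP/debian5base.ccsgr3000.local
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: <redacted>
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: <redacted>
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: <redacted>
Commit Succeeded
11:23:15,743 User:hgonzalez DEBUG [app.servlet.KerberosAuthenticationFilter] User hgonzalez logged on via Kerberos
11:31:00,674 http-8080-2 WARN  [site.servlet.KerberosSessionSetupPrivilegedAction] credentials can not be delegated!
"""

RE_OPTS = re.compile(r"^Debug is\s+(\w+) .*?doNotPrompt (\w+) .*?KeyTab is (\S+)")
RE_NOKEY = re.compile(r"^Key for the principal (\S+) not available in (\S+)")
RE_PROMPT = re.compile(r"\[Krb5LoginModule\] user entered username: (\S+)")
RE_KEY = re.compile(r"EncryptionKey: keyType=(\d+) keyBytes \(hex dump\)")
RE_DELEG = re.compile(
    r"WARN\s+\[\S*KerberosSessionSetupPrivilegedAction\] credentials can not be delegated")


def triage(log_text):
    """Return {finding_code: detail} for the Kerberos conditions visible in the log."""
    findings = {}
    etypes = set()
    pending_miss = None  # principal whose keytab lookup has just failed
    for line in log_text.splitlines():
        if (m := RE_OPTS.search(line)):
            if m.group(1) == "true":
                findings["JAAS_DEBUG_ON"] = (
                    f"keytab={m.group(3)} doNotPrompt={m.group(2)}")
        elif (m := RE_NOKEY.search(line)):
            pending_miss = m.group(1)
            findings["KEYTAB_MISS"] = f"{m.group(1)} not in {m.group(2)}"
        elif (m := RE_PROMPT.search(line)):
            # A name prompt directly after a keytab miss means the keytab
            # did not supply the key for this login.
            if pending_miss and pending_miss.startswith(m.group(1)):
                findings["CALLBACK_LOGIN"] = (
                    f"{m.group(1)} was supplied through a callback "
                    "after the keytab lookup failed")
            pending_miss = None
        elif (m := RE_KEY.search(line)):
            etypes.add(int(m.group(1)))
            findings["KEY_BYTES_IN_LOG"] = (
                "JAAS debug prints service key bytes into the log")
        elif RE_DELEG.search(line):
            findings["DELEGATION_REFUSED"] = (
                "Share got no delegated credentials; check the Delegation "
                "setting on the service account in Active Directory")
    old = sorted(etypes & DEPRECATED)
    if old:
        findings["DEPRECATED_ETYPES"] = ", ".join(ETYPES[e] for e in old)
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG).items():
        print(f"{code}: {detail}")
```
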

okelet
Champ in-the-making
Does anyone know how I can do this using MIT Kerberos?

Regards and thanks in advance.

dward
Champ on-the-rise