
Kerberos or passthru authentication with Active Directory?

brazen
Champ in-the-making
Kerberos and passthru authentication seem to fill the same niche in regards to authenticating to Active Directory. They both support SSO, both support CIFS, and neither supports syncing user details. But Kerberos is more secure and supports newer protocols, so it seems to me Kerberos would be the better choice between Kerberos or passthru. Is this correct?

I only wonder because all the documentation I find (through Google) for using Alfresco with Active Directory talks about passthru instead of Kerberos. I haven't been using Alfresco for long, so I didn't know if maybe Kerberos was just very new and all that documentation is outdated, or if maybe I was missing some reason for why passthru would be used instead of Kerberos.

For example, this wiki page http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Example_1:_Advanced_AD_Chain
suggests using the following auth chain:

alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

but it seems to me something like this would be better:

alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad
4 REPLIES

wabson
Star Contributor
Brazen,

Both NTLM/passthru and Kerberos have been supported for a long time in Alfresco, so they should both have good levels of support.

Technically, most people would probably consider Kerberos the superior protocol, but the fact that it is also more complex makes it more difficult to set up.

For this reason we find that most people today go for the easier option which is NTLM, but if you have the skills to get Kerberos up and running you will have a more secure system.

I'm intrigued however why you would want to chain NTLM and Kerberos together, given that they'd likely be hitting the same directory server. Plus as the wiki notes, there are restrictions around challenge-response mechanisms like these that mean in practice you can only really use one at a time.

Hope that helps.

Will.

mirko79
Champ in-the-making
Hi,
we have problems configuring Kerberos with Active Directory.
We followed all the instructions in the wiki page http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems but at startup, in the log file, we have this error:
 
ERROR [org.alfresco.fileserver] CIFS server configuration error, Error creating bean with name 'cifsAuthenticator' defined in file [/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/kerberos/kerberos-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.SecurityException: Configuration Error:
        Can not specify multiple entries for Alfresco
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cifsAuthenticator' defined in file [/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/kerberos/kerberos-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.SecurityException: Configuration Error:
        Can not specify multiple entries for Alfresco
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1401)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:557)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:842)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:416)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:440)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:221)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:336)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.getApplicationContext(DefaultChildApplicationContextManager.java:289)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.start(DefaultChildApplicationContextManager.java:248)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:440)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:221)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getInstanceIds(DefaultChildApplicationContextManager.java:145)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:64)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy222.isActive(Unknown Source)
        at org.alfresco.filesys.config.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:171)
        at org.alfresco.filesys.AbstractServerConfigurationBean.init(AbstractServerConfigurationBean.java:470)
        at org.alfresco.filesys.AbstractServerConfigurationBean.onApplicationEvent(AbstractServerConfigurationBean.java:819)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.SecurityException: Configuration Error:
        Can not specify multiple entries for Alfresco
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
        at org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:311)
        at org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.afterPropertiesSet(CifsAuthenticatorBase.java:278)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
        … 67 more
Caused by: java.io.IOException: Configuration Error:
        Can not specify multiple entries for Alfresco
        at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:447)
        at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:350)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:262)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:224)
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
        … 84 more

Is someone able to configure Kerberos + AD to use with Alfresco?
Thanks to all!

Below you find software version:

Alfresco:
alfresco-3.4.d , java version "1.6.0_18" 32 bit

Kerberos:
pam_krb5-2.2.14-15
krb5-workstation-1.6.1-36.el5_5.6
krb5-libs-1.6.1-36.el5_5.6

OS:
kernel: 2.6.18-194.32.1.el5
CentOS release 5.5 (Final)

AD:
Active Directory 5.2.3790.3959 ( on Windows Server 2003 Enterprise Edition R2 Service Pack 2)
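
The stack trace above ends in com.sun.security.auth.login.ConfigFile.parseLoginEntry with "Can not specify multiple entries for Alfresco", which means the JAAS login configuration defines the application entry "Alfresco" more than once. The following check is an added example, not part of the original post or Alfresco's own code: it lists entry names defined more than once, assuming the duplicate may sit in one login file or be spread across several configured login files; the file contents, keytab path and principal are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample login files (placeholders, not from the original post).
FILE_A = '''
// first JAAS login file configured for the JVM
Alfresco {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};
AlfrescoCIFS {
   com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true useKeyTab=true
   keyTab="/path/to/example.keytab"   /* placeholder path */
   principal="cifs/host.example.com";
};
'''
FILE_B = '''
// second JAAS login file configured for the same JVM
Alfresco {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};
'''

_STRINGS = re.compile(r'"[^"\n]*"')
_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)
_ENTRY = re.compile(r'([^\s{};]+)\s*\{')

def entry_names(text):
    """Return JAAS application entry names in order of appearance."""
    text = _STRINGS.sub('""', text)   # hide braces/slashes inside quoted values
    text = _COMMENTS.sub('', text)    # drop // and /* */ comments
    return _ENTRY.findall(text)

def duplicate_entries(files):
    """Map entry name -> sources, for names defined more than once
    across all given (source, text) pairs taken together."""
    seen = defaultdict(list)
    for source, text in files:
        for name in entry_names(text):
            seen[name].append(source)
    return {name: src for name, src in seen.items() if len(src) > 1}

if __name__ == "__main__":
    for name, src in duplicate_entries([("a", FILE_A), ("b", FILE_B)]).items():
        print("duplicate JAAS entry %r defined in: %s" % (name, ", ".join(src)))
```

Passing the same file twice also reports every entry in it, which covers the case where one login file is referenced from two places in the JVM configuration.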

irene88
Champ in-the-making
Have the same problem, can anyone help? :?

brazen
Champ in-the-making
I ended up using Passthru authentication, and was going to try to secure it using stunnel.  However, I could not get groups to work with nested groups.  I found that other people were also having the problem that nested groups were being ignored, which made Alfresco pretty much useless for us.