Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Kerberos problems: Default realm not specified

gronfelt
Champ in-the-making
Champ in-the-making

‎12-27-2011 09:02 AM

I'm trying to set up authentication and SSO with AD through Kerberos. I've followed the documentation for 4.0 but can't get it to work.

This is my kerberos-filter.properties

kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=********
kerberos.authentication.sso.enabled=true
kerberos.authentication.browser.ticketLogons=true

I've created this krb5.ini in C:\WINNT:

[libdefaults]
 default_realm = MYDOMAIN.LOCAL
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac 

[realms]
 MYDOMAIN.LOCAL = {
  kdc = adserver.mydomain.local
  admin_server = adserver.mydomain.local
 }

[domain_realm]
 adserver.mydomain.local = MYDOMAIN.LOCAL
 .adserver.mydomain.local = MYDOMAIN.LOCAL

However, when I try to access the Alfresco application I get the following error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'globalAuthenticationFilter' defined in file [C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\kerberos\kerberos-filter-context.xml]: Invocation of init method failed; nested exception is javax.servlet.ServletException: Failed to login HTTP server service
caused by:
javax.servlet.ServletException: Failed to login HTTP server service

This is in stdout.log:

Caused by: KrbException: Null realm name (601) - default realm not specified 
   at sun.security.krb5.KrbAsReq.createMessage(KrbAsReq.java:474)
   at sun.security.krb5.KrbAsReq.init(KrbAsReq.java:374)
   at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:260)
   at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:61)
   at sun.security.krb5.Credentials.sendASRequest(Credentials.java:396)
   at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
   … 44 more

It seems that the krb5.ini settings are not used, since the error says that the default realm is not specified. What could be the cause of this? I've also tried to put the file in <alfresco>/java/jre/lib/security, but that doesn't make any difference.

I also have another question on the subject: The 4.0 documentation states that one should change the settings in share-config-custom.xml.sample to get SSO working with Share and Kerberos, however my share-config-custom.xml.sample does not contain any lines about Kerberos. Am I looking in the wrong place (<alfresco>/tomcat/shared/classes/alfresco/web-extensions).
Labels:
0 Kudos
2 REPLIES 2

gronfelt
Champ in-the-making
Champ in-the-making

‎01-02-2012 02:53 AM

I gave up on getting this to work in Windows, and instead installed the Linux version of Alfresco on CentOS. This also meant going from 4.0b to 4.0c and now everything works as expected.
0 Kudos

aditya_chaudhar
Champ on-the-rise
Champ on-the-rise
In response to gronfelt

‎02-06-2015 07:27 AM

Hi gronfelt ,
I am also getting same error.
can you please tell why you shift to linux ?

can you suggest me how to solve this in windows?


0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC