Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problems to configure Kerberosauthentication

alfone
Champ in-the-making
Champ in-the-making

‎09-24-2009 10:36 AM

Hi,

i´m new in alfresco.
I have to set it up and let authenticate against kerberos.

OpenSUSE 11.1
KDC is setup on another SuSE 11.1
Alfresco 3.2

I´ve set it up correct and it´s work fine, without kerberos and jaas.

OK. My problem is: i don´t know, where i have to put my jaas-authentication-context.xml
and where i have to enable it.

Maybe, someone out can help me.

thanks for your help
Labels:
0 Kudos
4 REPLIES 4

alfone
Champ in-the-making
Champ in-the-making

‎09-29-2009 07:41 AM

Is there anybody out there who knows a littlebit about?
The most setting are done. And when i try to put some attributes like location of the kdc to the startfile.sh it works.
So, i think the problem is the jaas-authentication-context.xml file…that is not enabled and correct setup.

Please, if you need further information ask me, but help me please…
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-29-2009 12:00 PM

You don't need one and you don't need to put it anywhere.

You need a file $TOMCAT_HOME/share/classes/alfresco-global.properties

Then set the following properties (after reading the Wiki http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos )

authentication.chain=kerberos1:kerberos
kerberos.authentication.realm=ALFRESCO.ORG
kerberos.authentication.defaultAdministratorUserNames=adminName
kerberos.authentication.cifs.password=secret
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.http.password=secret
kerberos.authentication.sso.enabled=true

Then follow this guide to configuring the Kerberos server side

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuring_against_Active_Director...

That's it.
0 Kudos

alfone
Champ in-the-making
Champ in-the-making

‎09-30-2009 06:40 AM

ok. first…thank you for your response. my server isn´t so nice.

i´ve done, how you describe. unfortunately it doesn´t work but i think the target isn´t far.
I think the only one problem is, the alfresco-server don´t know the ip/location of the kdc/kerberos.
And i don´t know, where i have to tell him.
i thought, i do this for the cifs-server in the file-servers.xml and for the httpserver in the web.xml…

file-servers.xml:

<!– CIFS Enterprise authentication sample with Kerberos –>^M
       <authenticator type="enterprise"/>^M
         <KDC>192.168.20.106</KDC>^M
         <Realm>LOCAL</Realm>^M
         <Password>pass</Password>^M
          ^M
         <kerberosDebug/>^M
      </authenticator>  


in the web.xml i do nothing…

when i put the ip/location for the kdc/kerberos in the alfresco.sh and start up…the servers get their tickets…but only then…
mabee there is a global way, how i can tell the alfresco server, that he has to authenticate at ip=ipOfKdc

thanks for your help.
0 Kudos

alfone
Champ in-the-making
Champ in-the-making

‎09-30-2009 10:11 AM

OK. i solve the problem.

My mistake:

i thought, that the location of the krb5.conf file only on the kdc/ kerberos host is.
But i have to put it on the host where alfresco run.
Now it works.

thanks to my helping hand
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC