[zanata-users] Auth with kerberos

Ramann, Björn Bjoern.Ramann at governikus.de
Tue Sep 22 11:28:09 UTC 2015


Hi all,

I am trying to authenticate users with Kerberos against our Windows Active Directory and have configured:

<bindings>
    <!-- <simple name="java:global/zanata/security/auth-policy-names/internal" value="zanata.internal"/> -->
    <!-- <simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/> -->
    <simple name="java:global/zanata/security/auth-policy-names/kerberos" value="zanata.kerberos"/>
    <simple name="java:global/zanata/security/admin-users" value="admin"/>
    <simple name="java:global/zanata/files/document-storage-directory" value="${user.home}/zanata/files"/>
    <simple name="java:global/zanata/email/default-from-address" value="noreply@blub.com"/>
</bindings>
...

<!-- SPNEGO negotiation domain named by the kerberos auth policy -->
<security-domain name="zanata.kerberos">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="host"/>
            <module-option name="removeRealmFromPrincipal" value="true"/>
            <module-option name="usernamePasswordDomain" value="krb5"/>
        </login-module>
    </authentication>
</security-domain>
<!-- Domain referenced by usernamePasswordDomain above -->
<security-domain name="krb5">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="sufficient">
            <module-option name="storePass" value="false"/>
            <module-option name="clearPass" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="doNotPrompt" value="false"/>
        </login-module>
    </authentication>
</security-domain>
<!-- Server identity (keytab and principal), referenced by serverSecurityDomain above -->
<security-domain name="host">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
            <module-option name="keyTab" value="/opt/zanata/wildfly/standalone/configuration/jboss.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
        </login-module>
    </authentication>
</security-domain>


But on the page, when I press login, I get a 403 and there is no field to type my credentials in.

Soft:
13:25:45,457Z INFO  [org.quartz.core.QuartzScheduler] (ServerService Thread Pool -- 58) Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release codename: Kenny
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release version: 1.0.1.Final
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) WildFly Full version: 9.0.1.Final
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    _____                     _
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /__  /  ____ _____  ____ _/ /_____ _
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)     / /  / __ `/ __ \/ __ `/ __/ __ `/
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    / /__/ /_/ / / / / /_/ / /_/ /_/ /
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /____/\__,_/_/ /_/\__,_/\__/\__,_/
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Application version: 3.7.2
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   SCM: git-server-3.7.2
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Red Hat Inc 2008-2015
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) SPNEGO/Kerberos authentication: enabled
13:25:45,759Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Enable copyTrans: true


Please advise!

Thanks
bjoern
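
As an added example (not part of the original post, and not Zanata or WildFly code), a small Python check of the chain of security domains configured above: the SPNEGO domain's serverSecurityDomain and usernamePasswordDomain must name defined domains, and the server domain needs a keytab and a principal of the form service/host@REALM. The function names, the `<security-domains>` wrapper element and the uppercase-realm convention in the pattern are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# service/host@REALM; realm in upper case by convention (assumption of this check)
PRINCIPAL = re.compile(r"^[^/@\s]+/[^/@\s]+@[A-Z0-9.-]+$")
# Constructed sample: the post's three domains, trimmed to the options checked.
SAMPLE = """<security-domains>
 <security-domain name="zanata.kerberos"><authentication>
  <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
   <module-option name="serverSecurityDomain" value="host"/>
   <module-option name="usernamePasswordDomain" value="krb5"/>
  </login-module></authentication></security-domain>
 <security-domain name="krb5"><authentication/></security-domain>
 <security-domain name="host"><authentication>
  <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
   <module-option name="useKeyTab" value="true"/>
   <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
   <module-option name="keyTab" value="/opt/zanata/wildfly/standalone/configuration/jboss.keytab"/>
  </login-module></authentication></security-domain>
</security-domains>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without the XML namespace

def load_domains(xml_text):
    """Return {domain name: [(login-module code, {option: value}), ...]}."""
    return {
        dom.get("name"): [(lm.get("code"), {o.get("name"): o.get("value") for o in lm})
                          for lm in dom.iter() if local(lm) == "login-module"]
        for dom in ET.fromstring(xml_text).iter() if local(dom) == "security-domain"}

def check_spnego(xml_text, policy_domain):
    """List problems in the SPNEGO domain chain that starts at policy_domain."""
    domains, findings = load_domains(xml_text), []
    if policy_domain not in domains:
        return [f"security domain '{policy_domain}' is not defined"]
    for code, opts in domains[policy_domain]:
        if not (code or "").endswith("SPNEGOLoginModule"):
            continue
        for ref, required in (("serverSecurityDomain", True), ("usernamePasswordDomain", False)):
            if (required or ref in opts) and opts.get(ref) not in domains:
                findings.append(f"{ref} -> '{opts.get(ref)}' is not a defined domain")
        for _, k in domains.get(opts.get("serverSecurityDomain"), []):
            if k.get("useKeyTab") != "true" or not k.get("keyTab"):
                findings.append("server domain needs useKeyTab=true and a keyTab path")
            if not PRINCIPAL.match(k.get("principal") or ""):
                findings.append(f"principal '{k.get('principal')}' is not service/host@REALM")
    return findings
```

A principal pasted from a list archive that rewrites `@` as ` at ` is reported by the principal check, as is a serverSecurityDomain that names a domain missing from the file.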

