[zanata-users] Auth with kerberos
Ramann, Björn
Bjoern.Ramann at governikus.de
Tue Sep 22 15:11:18 UTC 2015
Two more questions:
1. Without Kerberos, I have a username and password form on the main page; with Kerberos enabled, there is no user and pass form. Is this correct? If yes, how do I enter my credentials?
2. In the domain-security "host", I have: <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
Is there detailed documentation about the syntax of the value?
Thanks!
From: zanata-users-bounces at redhat.com [mailto:zanata-users-bounces at redhat.com] On Behalf Of Ramann, Björn
Sent: Tuesday, 22 September 2015 13:28
To: zanata-users at redhat.com
Subject: [zanata-users] Auth with kerberos
Hi all,
I am trying to authenticate users with Kerberos against our Windows Active Directory and have configured:
<bindings>
    <!-- <simple name="java:global/zanata/security/auth-policy-names/internal" value="zanata.internal"/> -->
    <!-- <simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/> -->
    <simple name="java:global/zanata/security/auth-policy-names/kerberos" value="zanata.kerberos"/>
    <simple name="java:global/zanata/security/admin-users" value="admin"/>
    <simple name="java:global/zanata/files/document-storage-directory" value="${user.home}/zanata/files"/>
    <simple name="java:global/zanata/email/default-from-address" value="noreply@blub.com"/>
</bindings>
...
<security-domain name="zanata.kerberos">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="host"/>
            <module-option name="removeRealmFromPrincipal" value="true"/>
            <module-option name="usernamePasswordDomain" value="krb5"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="krb5">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="sufficient">
            <module-option name="storePass" value="false"/>
            <module-option name="clearPass" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="doNotPrompt" value="false"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="host">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
            <module-option name="keyTab" value="/opt/zanata/wildfly/standalone/configuration/jboss.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
        </login-module>
    </authentication>
</security-domain>
But on the page, when I press login, I get a 403 and there is no field to type my credentials in.
Soft:
13:25:45,457Z INFO [org.quartz.core.QuartzScheduler] (ServerService Thread Pool -- 58) Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.
13:25:45,755Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release codename: Kenny
13:25:45,755Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release version: 1.0.1.Final
13:25:45,755Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) WildFly Full version: 9.0.1.Final
13:25:45,757Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,757Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) _____ _
13:25:45,757Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) /__ / ____ _____ ____ _/ /_____ _
13:25:45,757Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) / / / __ `/ __ \/ __ `/ __/ __ `/
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) / /__/ /_/ / / / / /_/ / /_/ /_/ /
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) /____/\__,_/_/ /_/\__,_/\__/\__,_/
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Application version: 3.7.2
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) SCM: git-server-3.7.2
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Red Hat Inc 2008-2015
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,758Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) SPNEGO/Kerberos authentication: enabled
13:25:45,759Z INFO [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Enable copyTrans: true
Please advise!
Thanks
bjoern
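
Added example, not part of the original message and not Zanata or JBoss code: a small Python check for a security-domain fragment like the one quoted above. It confirms that the domains named in serverSecurityDomain and usernamePasswordDomain are defined in the same fragment and that the keytab principal has the Kerberos form service/host@REALM. The sample XML is constructed (condensed from the post, wrapped in an assumed <security-domains> root), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, condensed from the configuration quoted in the post.
SAMPLE = """
<security-domains>
  <security-domain name="zanata.kerberos"><authentication>
    <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
      <module-option name="serverSecurityDomain" value="host"/>
      <module-option name="usernamePasswordDomain" value="krb5"/>
    </login-module></authentication></security-domain>
  <security-domain name="krb5"><authentication>
    <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="sufficient">
      <module-option name="doNotPrompt" value="false"/>
    </login-module></authentication></security-domain>
  <security-domain name="host"><authentication>
    <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
      <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
      <module-option name="keyTab" value="/opt/zanata/wildfly/standalone/configuration/jboss.keytab"/>
    </login-module></authentication></security-domain>
</security-domains>
"""

# A Kerberos service principal is written service/host@REALM, with no spaces.
SPN_RE = re.compile(r"^(?P<service>[^/@\s]+)/(?P<host>[^/@\s]+)@(?P<realm>[^/@\s]+)$")
DOMAIN_REFS = ("serverSecurityDomain", "usernamePasswordDomain")

def parse_spn(value):
    """Return (service, host, realm), or None if value is not service/host@REALM."""
    m = SPN_RE.match(value)
    return m.group("service", "host", "realm") if m else None

def lint(xml_text):
    """Return a list of findings for a <security-domains> fragment."""
    root = ET.fromstring(xml_text)
    defined = {d.get("name") for d in root.iter("security-domain")}
    findings = []
    for domain in root.iter("security-domain"):
        for opt in domain.iter("module-option"):
            name, value = opt.get("name"), opt.get("value")
            if name in DOMAIN_REFS and value not in defined:
                findings.append(f"{domain.get('name')}: {name} refers to undefined domain '{value}'")
            if name == "principal" and parse_spn(value) is None:
                findings.append(f"{domain.get('name')}: principal '{value}' is not service/host@REALM")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE) or ["no findings"]:
        print(finding)
```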