[zanata-users] Auth with kerberos

Ramann, Björn Bjoern.Ramann at governikus.de
Tue Sep 22 15:11:18 UTC 2015


Two more questions:


1.      Without Kerberos, I have a username and password form on the main page; with Kerberos enabled, there is no user and pass form. Is this correct? If yes, how do I enter my credentials?

2.      In the domain-security "host", I have:

    <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>

Is there detailed documentation about the syntax of the value?

Thanks!



From: zanata-users-bounces at redhat.com [mailto:zanata-users-bounces at redhat.com] On Behalf Of Ramann, Björn
Sent: Tuesday, 22 September 2015 13:28
To: zanata-users at redhat.com
Subject: [zanata-users] Auth with kerberos

Hi @all,

I am trying to authenticate users with Kerberos against our Windows Active Directory and have configured:

<bindings>
    <!-- <simple name="java:global/zanata/security/auth-policy-names/internal" value="zanata.internal"/> -->
    <!-- <simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/> -->
    <simple name="java:global/zanata/security/auth-policy-names/kerberos" value="zanata.kerberos"/>
    <simple name="java:global/zanata/security/admin-users" value="admin"/>
    <simple name="java:global/zanata/files/document-storage-directory" value="${user.home}/zanata/files"/>
    <simple name="java:global/zanata/email/default-from-address" value="noreply@blub.com"/>
</bindings>
...

<!-- SPNEGO negotiation domain referenced by the kerberos auth policy binding -->
<security-domain name="zanata.kerberos">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="host"/>
            <module-option name="removeRealmFromPrincipal" value="true"/>
            <module-option name="usernamePasswordDomain" value="krb5"/>
        </login-module>
    </authentication>
</security-domain>
<!-- Username/password domain named by usernamePasswordDomain above -->
<security-domain name="krb5">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="sufficient">
            <module-option name="storePass" value="false"/>
            <module-option name="clearPass" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="doNotPrompt" value="false"/>
        </login-module>
    </authentication>
</security-domain>
<!-- Server identity domain named by serverSecurityDomain: service principal and keytab -->
<security-domain name="host">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/dc01.domain.com@DOMAIN.COM"/>
            <module-option name="keyTab" value="/opt/zanata/wildfly/standalone/configuration/jboss.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
        </login-module>
    </authentication>
</security-domain>


But on the page, when I press login, I get a 403 and there is no field to type my credentials in.

Soft:
13:25:45,457Z INFO  [org.quartz.core.QuartzScheduler] (ServerService Thread Pool -- 58) Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release codename: Kenny
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release version: 1.0.1.Final
13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) WildFly Full version: 9.0.1.Final
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    _____                     _
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /__  /  ____ _____  ____ _/ /_____ _
13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)     / /  / __ `/ __ \/ __ `/ __/ __ `/
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    / /__/ /_/ / / / / /_/ / /_/ /_/ /
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /____/\__,_/_/ /_/\__,_/\__/\__,_/
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Application version: 3.7.2
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   SCM: git-server-3.7.2
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Red Hat Inc 2008-2015
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================
13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) SPNEGO/Kerberos authentication: enabled
13:25:45,759Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Enable copyTrans: true


Please advise!

Thanks
bjoern
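
Added example (not part of the original message, and not Zanata or WildFly code): a small Python lint for security-domain fragments like the ones above. It checks that the SPNEGO module's domain references resolve and that the keytab principal has the service/host@REALM form. The host and realm names, the keytab path and the site_fqdn parameter are placeholders, and the host comparison assumes the usual SPNEGO behaviour of browsers requesting a ticket for HTTP/<host name in the URL>.

```python
import re
import xml.etree.ElementTree as ET

# Kerberos service principal syntax: primary/instance@REALM, e.g. HTTP/host.fqdn@REALM
PRINCIPAL = re.compile(r"^([^/@\s]+)/([^/@\s]+)@([^/@\s]+)$")
# Constructed sample in the shape of the posted domains; host and realm are placeholders.
SAMPLE = """<security-domains>
 <security-domain name="zanata.kerberos"><authentication>
  <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="sufficient">
   <module-option name="serverSecurityDomain" value="host"/>
   <module-option name="usernamePasswordDomain" value="krb5"/>
  </login-module></authentication></security-domain>
 <security-domain name="krb5"/>
 <security-domain name="host"><authentication>
  <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
   <module-option name="storeKey" value="true"/>
   <module-option name="useKeyTab" value="true"/>
   <module-option name="principal" value="{principal}"/>
   <module-option name="keyTab" value="/path/to/service.keytab"/>
  </login-module></authentication></security-domain>
</security-domains>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the XML namespace used in standalone.xml

def lint(xml_text, site_fqdn):
    """Return findings; site_fqdn (assumption) is the host name users browse to."""
    doms = {}
    for d in (e for e in ET.fromstring(xml_text).iter() if local(e) == "security-domain"):
        doms[d.get("name")] = [(m.get("code"), {o.get("name"): o.get("value") for o in m})
                               for m in d.iter() if local(m) == "login-module"]
    out = []
    for name, modules in doms.items():
        for code, opt in modules:
            if code.endswith("SPNEGOLoginModule"):
                out += [f"{name}: {k} names undefined domain {opt[k]}"
                        for k in ("serverSecurityDomain", "usernamePasswordDomain")
                        if k in opt and opt[k] not in doms]
            elif code.endswith("Krb5LoginModule") and opt.get("useKeyTab") == "true":
                m = PRINCIPAL.match(opt.get("principal", ""))
                if not m:
                    out.append(f"{name}: principal is not service/host@REALM")
                elif m[1] != "HTTP" or m[2].lower() != site_fqdn.lower():
                    out.append(f"{name}: SPNEGO clients ask for HTTP/{site_fqdn}, not {m[1]}/{m[2]}")
                elif m[3] != m[3].upper():
                    out.append(f"{name}: realm {m[3]} is not upper case")
                if not opt.get("keyTab") or opt.get("storeKey") != "true":
                    out.append(f"{name}: acceptor needs keyTab and storeKey=true")
    return out
```

Calling lint(SAMPLE.format(principal="HTTP/zanata.example.com@EXAMPLE.COM"), "zanata.example.com") returns an empty list; a principal written with " at " instead of "@" is reported as not matching service/host@REALM.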

