[keycloak-user] Kerberos Authentication

"Matthias Müller" matthiasmueller07 at web.de
Mon Jul 9 02:14:43 EDT 2018


I added the necessary fields in the ldap configuration before.
 
Realm: local.domain
Principal: HTTP/server.name@local.domain
Keytab: /etc/keytab/servername.keytab
 
local.domain and server.name are placeholders for the original settings.
 
The following message is shown with kinit and kvno:
kinit: Preauthentication failed while getting initial credentials
No credentials cache found (filename: /tmp/krb5cc_0) while getting client principal name
 
When I read the keytab file with klist the output is:
0 01/01/1970 00:00:00 HTTP/server.name@local.domain (aes256-cts-hmac-sha1-96)
 
Related to the log:
No entry is shown in this case. Only when I deactivate Kerberos are the normal logs shown, for example for a wrong user.
 
Thanks
 

Sent: Sunday, 08 July 2018 at 22:13
From: "Jochen Hein" <jochen at jochen.org>
To: "Matthias Müller" <matthiasmueller07 at web.de>
Subject: Re: Aw: Re: [keycloak-user] Kerberos Authentication
"Matthias Müller" <matthiasmueller07 at web.de> writes:

> The keytab file was generated by the server tools on a Windows Server (Active directory).
> I saved the keytab in /etc/keytab/ folder, user is the same as keykloak.

Did you add the keytab and Principal to the LDAP configuration?
Can you "kinit -kt /etc/keytab/keycloak.keytab HTTP/<yourhost>"?
Is "kvno HTTP/<yourhost>" valid (same as on Kerberos server)?

> The debug option is enabled but no server.log exists. In console.log
> nothing related to Kerberos appears.

Can you show the log? Please move the discussion back to the list.

Jochen

--
This space is intentionally left blank.
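The three checks Jochen asks for (keytab contents, `kinit -kt`, `kvno`) can be scripted so that the comparison is not done by eye. The following is an added example, not code from the thread or from Keycloak; it assumes the MIT Kerberos client tools (`klist`, `kinit`, `kvno`) and, for the live check, a reachable KDC. The keytab path and principal are the thread's placeholders, and the sample `klist -ket` and `kvno` output used by the parsing helpers is constructed here to match the format those tools print.

```shell
#!/bin/sh
# Added example: sanity-check a SPNEGO keytab before wiring it into the
# Keycloak LDAP federation provider. Not part of Keycloak or the thread.

# Print "KVNO principal" for every entry in `klist -ket` output read from stdin.
# Header, column-title and separator lines are skipped because their first
# field is not a number. Example entry line (constructed, matches klist format):
#   0 01/01/1970 00:00:00 HTTP/server.name@local.domain (aes256-cts-hmac-sha1-96)
parse_keytab_entries() {
    awk '$1 ~ /^[0-9]+$/ { print $1, $4 }'
}

# Print the distinct KVNOs stored in the keytab for one principal ($1),
# reading `klist -ket` output from stdin.
keytab_kvno_for() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $4 == p { print $1 }' | sort -u
}

# Extract the version number from `kvno` output read from stdin, e.g.
#   HTTP/server.name@local.domain: kvno = 2
parse_kvno_output() {
    sed -n 's/.*kvno = \([0-9][0-9]*\).*/\1/p'
}

# Succeed only when the keytab KVNO ($1) is present and equals the KDC KVNO ($2).
# A mismatch usually means the keytab was generated from an older key, e.g.
# the service account password was reset after the keytab was exported.
kvnos_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Live check against the KDC. Usage: check_keytab /etc/keytab/servername.keytab \
#   HTTP/server.name@local.domain   (placeholders from the thread)
check_keytab() {
    keytab=$1
    princ=$2

    echo "== entries in $keytab"
    klist -ket "$keytab" | parse_keytab_entries || return 1

    keytab_kvno=$(klist -ket "$keytab" | keytab_kvno_for "$princ")
    if [ -z "$keytab_kvno" ]; then
        echo "principal $princ not found in $keytab" >&2
        return 1
    fi

    # kinit with the keytab proves the stored key matches what the KDC holds.
    # "Preauthentication failed" here means the key differs (wrong password,
    # salt or encryption type at export time), not a Keycloak problem.
    if ! kinit -kt "$keytab" "$princ"; then
        echo "kinit -kt failed: key in keytab does not match the KDC" >&2
        return 1
    fi

    # kvno needs the ticket cache that kinit just created.
    kdc_kvno=$(kvno "$princ" | parse_kvno_output)
    if kvnos_match "$keytab_kvno" "$kdc_kvno"; then
        echo "KVNO ok: keytab=$keytab_kvno kdc=$kdc_kvno"
    else
        echo "KVNO mismatch: keytab=$keytab_kvno kdc=$kdc_kvno" >&2
        return 1
    fi
}

if [ $# -ge 2 ]; then
    check_keytab "$1" "$2"
fi
```

Run it as the same user Keycloak runs as, so that file permissions on the keytab are tested as well; the live part needs a KDC, while the parsing helpers can be exercised on captured output.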