JBoss Community

Re: Configure AS7 to authenticate users with kerberos

created by guillaume cornet in JBoss AS 7 Development - View the full discussion

Hi Antoan,

 

 

I faced the same problem (e.g. 'Checksum failed'), and, in my case, I solve this error by changing the 'host' security-domain configuration.

 

 

According to https://community.jboss.org/wiki/DRAFTUsingJBossNegotiationOnAS7, the 'host' security-domain should be configured like that :

 

    <security-domain name="host" cache-type="default">

        <authentication>

        <login-module code="Kerberos" flag="required">

            <module-option name="storeKey" value="true"/>

            <module-option name="useKeyTab" value="true"/>

            <module-option name="principal" value="host/testserver@MY_REALM"/>

            <module-option name="keyTab" value="/home/username/service.keytab"/>

            <module-option name="doNotPrompt" value="true"/>

            <module-option name="debug" value="false"/>

        </login-module>

        </authentication>

    </security-domain>

 

 

In my case, the solution was to configure it like that :

 

    <security-domain name="host" cache-type="default">

        <authentication>

        <login-module code="Kerberos" flag="required">

            <module-option name="storeKey" value="true"/>

            <module-option name="useKeyTab" value="true"/>

            <module-option name="principal" value="HTTP/{testserver}"/>

            <module-option name="keyTab" value="/home/username/service.keytab"/>

            <module-option name="doNotPrompt" value="true"/>

            <module-option name="debug" value="false"/>

        </login-module>

        </authentication>

    </security-domain>

 

where {testserver} is the FQDN of the machine.

 

 

Cheers

Reply to this message by going to Community

Start a new discussion in JBoss AS 7 Development at Community