I added the necessary fields in the LDAP configuration before.
Realm: local.domain
Principal: HTTP/server.name(a)local.domain
Keytab: /etc/keytab/servername.keytab
local.domain and server.name are placeholders for the original settings.
The following message is shown with kinit and kvno:
kinit: Preauthentication failed while getting initial credentials
No credentials cache found (filename: /tmp/krb5cc_0) while getting client principal name
When I read the keytab file with klist the output is:
0 01/01/1970 00:00:00 HTTP/server.name(a)local.domain (aes256-cts-hmac-sha1-96)
Related to the log:
No entry is shown in this case. Only when I deactivate Kerberos are the normal logs shown,
for example wrong user.
Thanks
Sent: Sunday, 08 July 2018 at 22:13
From: "Jochen Hein" <jochen(a)jochen.org>
To: "Matthias Müller" <matthiasmueller07(a)web.de>
Subject: Re: Aw: Re: [keycloak-user] Kerberos Authentication
"Matthias Müller" <matthiasmueller07(a)web.de> writes:
The keytab file was generated by the server tools on a Windows Server
(Active directory).
I saved the keytab in /etc/keytab/ folder, user is the same as keycloak.
Did you add the keytab and Principal to the LDAP configuration?
Can you "kinit -kt /etc/keytab/keycloak.keytab HTTP/<yourhost>"?
Is "kvno HTTP/<yourhost>" valid (same as on Kerberos server)?
The debug option is enabled but no server.log exists. In console.log
nothing related to Kerberos appears.
Can you show the log? Please move the discussion back to the list.
Jochen
--
This space is intentionally left blank.