[jboss-dev-forums] [JBoss AS 7 Development] - Re: Configure AS7 to authenticate users with kerberos

guillaume cornet do-not-reply at jboss.com
Thu Nov 29 11:07:09 EST 2012 

guillaume cornet [https://community.jboss.org/people/raoulpetitpied] created the discussion

"Re: Configure AS7 to authenticate users with kerberos"

To view the discussion, visit: https://community.jboss.org/message/779159#779159

--------------------------------------------------------------
Hi Antoan,


I faced the same problem (e.g. 'Checksum failed'), and, in my case, I solve this error by changing the 'host' security-domain configuration.


According to  https://community.jboss.org/docs/DOC-16876 https://community.jboss.org/wiki/DRAFTUsingJBossNegotiationOnAS7, the 'host' security-domain should be configured like that :

    <security-domain name="host" cache-type="default">
        <authentication>
        <login-module code="Kerberos" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="host/testserver at MY_REALM"/>
            <module-option name="keyTab" value="/home/username/service.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="false"/>
        </login-module>
        </authentication>
    </security-domain>


In my case, the solution was to configure it like that :

    <security-domain name="host" cache-type="default">
        <authentication>
        <login-module code="Kerberos" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/{testserver}"/>
            <module-option name="keyTab" value="/home/username/service.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="false"/>
        </login-module>
        </authentication>
    </security-domain>

where {testserver} is the FQDN of the machine.


Cheers
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/779159#779159]

Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20121129/55e328d9/attachment.html

More information about the jboss-dev-forums mailing list