[jboss-user] [Security & JAAS/JBoss] - JBOSS Negotiate setup clarification with regards to Active D
dufferdo25
do-not-reply at jboss.com
Wed Jun 17 14:29:00 EDT 2009
Hello all,
I was wondering if I could get some clarification with regards to JBOSS Negotiate.
I am running JBOSS 5.1.0.GA and trying to incorporate the latest Negotiate component.
I have a win2k3 Active Directory and want to verify the steps in the "how-to", specifically Chapter 3 (Active Directory).
Let me summarize my setup first:
Domain= base.myco.com
Domain Controller= dc.base.myco.com
JBOSS is on Debian machine called jportal
JBOSS fqdn= jportal.base.myco.com
Now for the first step Server User Creation
I create a user called spnego-test who belongs to the Domain Users group.
Second step Service Account Mapping:
(This is where I have a question...the docs show the following:
setspn.exe -a host/testserver.kerberos.jboss.org testserver
setspn.exe -a HTTP/testserver.kerberos.jboss.org testserver
Now is testserver the user name or the server where jboss resides?)
Do I do the following?:
setspn.exe -a host/jportal.base.myco.com spnego-test
setspn.exe -a HTTP/jportal.base.myco.com spnego-test
jportal being my jboss machine and spnego-test being the user I created
Step 3: ktpass
docs show this:
ktpass -princ host/testserver@kerberos.jboss.org -pass * -mapuser KERBEROS\testserver -out C:\testserver.host.keytab
Do I do the following?:
ktpass -princ host/jportal@base.myco.com -pass * -mapuser DC.BASE.MYCO.COM\spnego-test -out C:\spnego-test.host.keytab
Step 4:
Docs say to do the following:
ktab -k c:\testserver.host.keytab -a testserver@KERBEROS.JBOSS.ORG
Do I do?:
ktab -k c:\spnego-test.host.keytab -a spnego-test@DC.BASE.MYCO.COM
Thanks for any help!
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238319#4238319
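
Added example (not part of the original post or of the JBoss Negotiate documentation): a small Python check that compares the proposed commands with the pattern in the documentation samples quoted in the post, where the name after @ and the -mapuser prefix come from the domain (kerberos.jboss.org, KERBEROS) rather than from a host. The SETUP keys and the check()/review() helpers are names made up for this example.

```python
import re

# Values from the post's setup summary; the key names are chosen for this example.
SETUP = {"domain": "base.myco.com", "dc": "dc.base.myco.com",
         "jboss_fqdn": "jportal.base.myco.com", "account": "spnego-test"}

# The post's proposed commands, with the list archive's " at " written back as "@".
PROPOSED = [
    r"setspn.exe -a host/jportal.base.myco.com spnego-test",
    r"setspn.exe -a HTTP/jportal.base.myco.com spnego-test",
    r"ktpass -princ host/jportal@base.myco.com -pass * "
    r"-mapuser DC.BASE.MYCO.COM\spnego-test -out C:\spnego-test.host.keytab",
    r"ktab -k c:\spnego-test.host.keytab -a spnego-test@DC.BASE.MYCO.COM",
]

def check(cmd, setup=SETUP):
    """Return findings for one setspn/ktpass/ktab command line."""
    findings, tokens = [], cmd.split()
    domain, dc = setup["domain"].lower(), setup["dc"].lower()
    if tokens[0].lower().startswith("setspn"):
        # setspn -a <service>/<host> <account>
        host, account = tokens[-2].split("/", 1)[-1].lower(), tokens[-1]
        if host != setup["jboss_fqdn"].lower():
            findings.append(f"SPN host {host!r} is not the JBoss FQDN")
        if account != setup["account"]:
            findings.append(f"SPN mapped to {account!r}, not the service account")
    # name@realm: in the docs' samples the realm is the domain, never a host.
    for realm in re.findall(r"\S+@(\S+)", cmd):
        if realm.lower() == dc:
            findings.append(f"realm {realm!r} is the domain controller's host name")
        elif realm.lower() != domain:
            findings.append(f"realm {realm!r} is not the domain {domain!r}")
    # -mapuser PREFIX\user: the docs' sample prefix is the domain's first label.
    m = re.search(r"-mapuser\s+([^\\\s]+)\\(\S+)", cmd)
    if m:
        prefix, user = m.group(1).lower(), m.group(2)
        if prefix == dc:
            findings.append("mapuser prefix is the domain controller's host name")
        elif prefix not in (domain, domain.split(".")[0]):
            findings.append(f"mapuser prefix {m.group(1)!r} does not name the domain")
        if user != setup["account"]:
            findings.append(f"mapuser account {user!r} is not the service account")
    return findings

def review(commands=PROPOSED, setup=SETUP):
    """Map each command to its findings (an empty list means nothing flagged)."""
    return {cmd: check(cmd, setup) for cmd in commands}

if __name__ == "__main__":
    for cmd, findings in review().items():
        print(cmd, "->", findings or "ok")
```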