[keycloak-user] Kerberos Authentication
"Matthias Müller"
matthiasmueller07 at web.de
Mon Jul 9 02:14:43 EDT 2018
I added the necessary fields in the ldap configuration before.
Realm: local.domain
Principal: HTTP/server.name at local.domain
Keytab: /etc/keytab/servername.keytab
local.domain and server.name are place holder for the original settings.
The following message is shown with kinit and kvno:
kinit: Preauthentication failed while getting initial credentials
No credentials cache found (filename: /tmp/krb5cc_0) while getting client principal name
When I read the keytab file with klist the output is:
0 01/01/1970 00:00:00 HTTP/server.name at local.domain (aes256-cts-hmac-sha1-96)
Related to the log:
No entry is shown in this case. Only when I deactivate kerberos the normals logs are shown for example wrong user.
Thanks
Gesendet: Sonntag, 08. Juli 2018 um 22:13 Uhr
Von: "Jochen Hein" <jochen at jochen.org>
An: "Matthias Müller" <matthiasmueller07 at web.de>
Betreff: Re: Aw: Re: [keycloak-user] Kerberos Authentication
"Matthias Müller" <matthiasmueller07 at web.de> writes:
> The keytab file was generated by the server tools on a Windows Server (Active directory).
> I saved the keytab in /etc/keytab/ folder, user is the same as keykloak.
Did you add the keytab and Principal to the LDAP configuration?
Can you "kinit -kt /etc/keytab/keycloak.keytab HTTP/<yourhost>"?
Ist "kvno HTTP/<yourhost>" valid (same as on Kerberos server)?
> The debug option is enabled but no server.log exists. In console.log
> nothing related to Kerberos appears.
Can you show the log? Please move the discussion back to the list.
Jochen
--
This space is intentionally left blank.
More information about the keycloak-user
mailing list