Am 10.06.2013 23:35, schrieb james.henderson:
I am in a similar situation to Edward.
My authentication says something like:
principal's key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 18 17.
KrbAsReq calling createMessage
KrbAsReq in creat
3:31 PM
To: Tomcat Users List
Subject: RE: Tomcat7 and SPNEGO configuration questions
Felix,
Thanks for the example. And yes, I agree -- my setup isn't getting far enough to attempt an
authentication of an end user. I *think* I've got the keytab and MSA aspect working. So two
poss
legation
of the credentials in my case :)
Regards,
Felix
____
From: Felix Schumacher [felix.schumac...@internetallee.de]
Sent: Wednesday, June 05, 2013 4:12 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat7 and SPNEGO configuration questions
Am 03.06
@tomcat.apache.org
Subject: RE: Tomcat7 and SPNEGO configuration questions
I am in a similar situation to Edward.
My authentication says something like:
principal's key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 18 17.
>>> Kr
tml. It
doesn't have the actual logging line, though.
Edward
____
From: james.henderson [james.hender...@rbc.com]
Sent: Monday, June 10, 2013 5:35 PM
To: users@tomcat.apache.org
Subject: RE: Tomcat7 and SPNEGO configuration questions
I am in a similar situation to Ed
I am in a similar situation to Edward.
My authentication says something like:
principal's key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 18 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=dev UDP:
I've tried an AES128 keytab and matching krb5.conf; this didn't get any
further.
Edward
From: Edward Siewick [esiew...@ementum.com]
Sent: Monday, June 10, 2013 3:31 PM
To: Tomcat Users List
Subject: RE: Tomcat7 and SPNEGO configuration questi
he SPNEGO authenticator will work with any Realm but if used with the JNDI
Realm, by default the JNDI Realm will use the user's delegated credentials to
connect to the Active Directory."
____________________
From: Felix Schumacher [felix.schumac...@internetal
r Kerberos V5 ACCEPT cred (<>,
sun.security.jgss.krb5.Krb5AcceptCredential)
Found key for HTTP/openid-linux.openidmdev@openidmdev.com(18)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
[Krb5LoginModule]: Entering logout
[Krb5LoginModule]: logged out Subj
CP:88, timeout=3, number
>>> of retries =3, #bytes=255
>>> KDCCommunication: kdc=openiddc.openidmdev.com TCP:88, timeout=30000,Attempt
>>> =1, #bytes=255
>>>DEBUG: TCPClient reading 1611 bytes
>>> KrbKdcReq send: #bytes read=1611
>>> Krb
Hi Edward,
a few more questions:
* What is your CATALINA_BASE and what CATALINA_HOME?
* Have you verified, that your options (set by your JAVA_OPTS) are
really used by your tomcat installation?
Greetings
Felix
Am 31.05.2013 17:17, schrieb Edward Siewick:
Hi.
I'm trying to get a baseline
From: Felix Schumacher [felix.schumac...@internetallee.de]
Sent: Friday, May 31, 2013 3:22 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat7 and SPNEGO configuration questions
Hi Edward.
Am Freitag, den 31.05.2013, 13:24 -0500 schrieb Edward Siewick
Hi Edward.
Am Freitag, den 31.05.2013, 13:24 -0500 schrieb Edward Siewick:
>
> From: Felix Schumacher [felix.schumac...@internetallee.de]
> Sent: Friday, May 31, 2013 1:18 PM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat7 and SPNEG
From: Felix Schumacher [felix.schumac...@internetallee.de]
Sent: Friday, May 31, 2013 1:18 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat7 and SPNEGO configuration questions
Am Freitag, den 31.05.2013, 10:17 -0500 schrieb Edward Siewick:
>&
>>
>> Well-founded guidance, clues, and even good guesses are all welcome.
>>
>
> Answering in the spirit of your last phrase above (because I really know
> nothing about the
> Tomcat SPNEGO Valve, and very little about Kerberos) :
>
> The error message :
>
> javax.security.auth.login.LoginExce
Am Freitag, den 31.05.2013, 10:17 -0500 schrieb Edward Siewick:
> Hi.
>
> I'm trying to get a baseline configuration working, following the
> http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. I'm
> apparently off in the weeds having missed something, though. So I'd really
> appre
Edward Siewick wrote:
Hi.
I'm trying to get a baseline configuration working, following the
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. I'm apparently
off in the weeds having missed something, though. So I'd really appreciate a
sanity check of my configuration, and the te
17 matches
Mail list logo
