I wish it was that easy. I got a domain admin to create a keytab for me
and installed it according to http://grolmsnet.de/kerbtut. But I still get
a 401 response and no log messages whatsoever.
What am I missing?
Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> wrote on 02.10.2008 16:18:59:
> Thu, Oct 02, 2008 at 03:41:34PM +0200, Rudolf.Lippert_at_Proleit.de
> > I have noticed the mod_auth_kerb module, but I haven't been able to
> > out what I need to do to make it work. It seems much more complicated
> > winbind. Still, if one works and the other doesn't, I'll go for kerb.
> > Could you explain how you got SSO working?
> I don't think so. Here are your steps:
> 1) create account for machine in AD and export host keytab
> HTTP/<FQDN> of apache host - IP where apache is listening on
> (forward "A" and reverse "PTR" DNS entry have to match)
> 2) put the keytab with enough secure permissions to apache host
> apache process has to have rights to read this keytab
> 3) configure mod_auth_kerb this way:
> LoadModule auth_kerb_module modules/mod_auth_kerb.so
> AuthType Kerberos
> AuthName "Whatever you want"
> KrbMethodNegotiate on
> KrbMethodK5Passwd on
> KrbAuthoritative on
> KrbAuthRealms <your REALM = AD domain name>
> KrbServiceName HTTP/<FQDN of apache host>@<domain>
> Krb5Keytab /path/to/keytab/file.keytab
> # this should provide some speed up
> KrbSaveCredentials on
> That's all. Do you still think it's hard to set up? ;o)
> > Thank you very much,
> You're welcome,
> > Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> wrote on 02.10.2008
> > > Wed, Oct 01, 2008 at 10:35:43AM +0200, Rudolf.Lippert_at_Proleit.de
> > wrote:
> > > > I have a problem with at least two edges here:
> > > > First: mod_auth_ntlm_winbind does not support NTLM over HTTPS,
> > > > TortoiseSVN does not support NTLM without HTTPS. At least, this is
> > > > understanding so far.
> > >
> > > Hello,
> > >
> > > another point of view. Isn't mod_auth_kerb enough for you? Do you
> > > really need ntlm auth? I've working SSO using windows AD as kerberos
> > > server and a lot of win clients using it without typing their
> > > I'm sorry I have no ntlm configuration at all.
> > >
> > > Regards,
> > >
> > > Luf
Received on 2008-10-06 11:41:19 CEST
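
A check for steps 1 and 2 of the quoted instructions, as an added example that is not part of the original thread: it reads the keytab directly (MIT keytab format 0x0502) and reports whether the HTTP/<FQDN>@<REALM> entry is present and whether the file is readable by the calling user without being open to every local account. The function names and the choice to flag only the "other" permission bits are assumptions of this example.

```python
import os, stat, struct

def _counted(buf, p):
    """Read one uint16-length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n].decode(), p + 2 + n

def keytab_principals(data):
    """List (principal, kvno, enctype) from MIT keytab bytes, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, p = _counted(entry, 2)
        parts = []
        for _ in range(ncomp):
            text, p = _counted(entry, p)
            parts.append(text)
        p += 8                        # skip name type and timestamp
        kvno = entry[p]
        enctype, keylen = struct.unpack_from(">HH", entry, p + 1)
        p += 5 + keylen
        if len(entry) - p >= 4:       # optional 32-bit kvno supersedes the 8-bit one
            (kvno,) = struct.unpack_from(">I", entry, p)
        out.append(("/".join(parts) + "@" + realm, kvno, enctype))
    return out

def check_keytab(path, fqdn, realm):
    """Return problems with steps 1 and 2; run it as the Apache user."""
    if not os.access(path, os.R_OK):
        return ["this user cannot read the keytab"]
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        problems.append(f"mode {mode:o} exposes the key to every local user")
    with open(path, "rb") as f:
        names = {name for name, _, _ in keytab_principals(f.read())}
    want = f"HTTP/{fqdn}@{realm}"     # principals are case-sensitive
    if want not in names:
        problems.append(f"{want} missing; keytab holds {sorted(names)}")
    return problems
```

Call `check_keytab("/path/to/keytab/file.keytab", "<FQDN of apache host>", "<REALM>")` from the account Apache runs as; an empty list means the principal and the file permissions match what steps 1 and 2 ask for.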