On 03/05/2009 09:28 AM, Guido Günther wrote:
Hi Marco,
hi guido,
the kerberos authentication works:
$ kinit -V -k -t /etc/krb5.keytab HTTP/[email protected]
Authenticated to Kerberos v5
$ klist
Ticket cache: FILE:/tmp/krb5cc_103
Default principal: HTTP/[email protected]
Valid starting Expires Service principal
03/05/09 12:14:31 03/05/09 22:14:34 krbtgt/[email protected]
renew until 03/06/09 12:14:31
but the calendarserver doesn't initialize the kerberos things (the
windows machine try to inizialize the NTLM login and not the GSS).
And you have enabled kerberos in /etc/caldavd/caldavd.plist:
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<true/>
<key>ServicePrincipal</key>
<string>HTTP/[email protected]</string>
</dict>
the same as mine.
the strange thing is that it doesn't even try to connect to the kdc
server when i start the calendar server.
i tried to understand the python-kerberos api, but without documentation
is not that easy. :-/
Does the user have a valid HTTP/... ticket after trying to authenticate
in its keytab? Besides that I'm a bit out of ideas.
i'm sorry, i don't understand:
i try to (give a shell to the caldav user and) kinit with the keytab,
and then restart the calendarserver, but with no luck.
i didn't apply the patch to use a keytab different from the default
/etc/krb5.keytab: maybe the python kerberos doesn't look at that file?
_______________________________________________
calendarserver-dev mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-dev
