Hello,
I have successfully setup Kerberos authentication for a Apache directory with the following configuration:
<Directory "/var/www/html/test/">
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "TEST"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all
</Directory>
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "TEST"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all
</Directory>
When entering sguenther@WIN2K12.LOCAL I have access to the directory.
I added the same parameters to the OTRS configuration:
<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "OTRS"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all
AllowOverride None
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "OTRS"
Krb5Keytab /etc/apache2/keytabs/tuxedo.keytab
KrbAuthRealms WIN2K12.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
KrbMethodK5Passwd on
KrbServiceName HTTP/tuxedo.win2k12.local@WIN2K12.LOCAL
Require valid-user
Order allow,deny
Allow from all
.....
and to Config.pm
sub Load {
.....
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '@WIN2K12.LOCAL';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '@WIN2K12.LOCAL';
I have to tried to login by either creating a user called "sguenther" or "sguenther@WIN2K12.LOCAL", but both login fail.
Since the Apache login works, I assume that someting in my OTRS configuration is missing or wrong.
BTW: This is Ubuntu 16.04 and OTRS 5.0.16
Does anyone have an idea what it could be?
Thanks for any hints or suggestions,
Stefan
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs