我在Redhat 6上配置了Alfresco 4.0.d的砖墙.
我正在使用Kerberos身份验证,它似乎正常工作,单点登录正在主要的露天应用程序本身.我已经完成了配置步骤以使共享应用程序正常工作,但我尽可能地尝试,每次浏览器访问http:// server:8080 / share以及’Windows安全性时,我都会在catalina.out中出现此错误’密码箱.
WARN [site.servlet.KerberosSessionSetupPrivilegedAction] credentials can not be delegated!
这是我到目前为止所做的:
使用AD用户和计算机,选择alfrescohttp帐户,并选择“信任此用户以委派任何服务(仅限Kerberos)”.
共享配置,custom.xml
将/opt/alfresco-4.0.d/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml.sample复制到share-config-custom.xml并进行如下编辑:
<config evaluator="string-compare" condition="Kerberos" replace="true"> <kerberos> <password>*****</password> <realm>MYDOMAIN.CO.UK</realm> <endpoint-spn>HTTP/server.mydomain.co.uk@MYDOMAIN.CO.UK</endpoint-spn> <config-entry>ShareHTTP</config-entry> </kerberos> </config> <config evaluator="string-compare" condition="Remote"> <remote> <keystore> <path>alfresco/web-extension/alfresco-system.p12</path> <type>pkcs12</type> <password>alfresco-system</password> </keystore> <connector> <id>alfrescoCookie</id> <name>Alfresco Connector</name> <description>Connects to an Alfresco instance using cookie-based authentication</description> <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class> </connector> <endpoint> <id>alfresco</id> <name>Alfresco - user access</name> <description>Access to Alfresco Repository WebScripts that require user authentication</description> <connector-id>alfrescoCookie</connector-id> <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url> <identity>user</identity> <external-auth>true</external-auth> </endpoint> </remote> </config>
的krb5.conf
像这样设置/etc/krb5.conf文件:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.CO.UK
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
forwardable = true
proxiable = true
[realms]
MYDOMAIN.CO.UK = {
kdc = mydc.mydomain.co.uk
admin_server = mydc.mydomain.co.uk
}
[domain_realm]
.mydc.mydomain.co.uk = MYDOMAIN.CO.UK
mydc.mydomain.co.uk = MYDOMAIN.CO.UK
java.login.config
/opt/alfresco-4.0.d/java/jre/lib/security/java.login.config配置如下:
Alfresco {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
AlfrescoCIFS {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/alfrescocifs.keytab"
principal="cifs/server.mydomain.co.uk";
};
AlfrescoHTTP {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/alfrescohttp.keytab"
principal="HTTP/server.mydomain.co.uk";
};
com.sun.net.ssl.client {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
other {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
ShareHTTP {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/alfrescohttp.keytab"
principal="HTTP/server.mydomain.co.uk";
};
露天-global.conf
最后,在alfresco-global.conf中进行以下设置
authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm kerberos.authentication.real=MYDOMAIN.CO.UK kerberos.authentication.user.configEntryName=Alfresco kerberos.authentication.cifs.configEntryName=AlfrescoCIFS kerberos.authentication.http.configEntryName=AlfrescoHTTP kerberos.authentication.cifs.password=****** kerberos.authentication.http.password=***** kerberos.authentication.defaultAdministratorUserNames=administrator ntlm.authentication.sso.enabled=true
正如我所说,我已经用这个打了一堵砖墙,我非常感谢你能给我的任何帮助!这个问题也发布在Alfresco论坛上,但我想知道服务器故障中的任何人是否遇到过类似的实施挑战?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
