samba4 & WindowsDesktopSSO
miquel
miquel at scytl.com
Wed Oct 2 08:28:28 MDT 2013
We are trying to integrate the OpenAM WindowsDesktopSSO module with Samba4
Kerberos.
We are creating the keytab on the Samba4 DC following these steps:
samba-tool user create --random-password http-server-hp
samba-tool spn add HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL http-server-hp
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HOST/server-hp.testdomain.local@TESTDOMAIN.LOCAL
But we need to change the OpenAM source code to configure Krb5LoginModule
with the "isInitiator=false" parameter.
10.1.0-Xpress/openam/openam-authentication/openam-auth-windowsdesktopsso/src/main/java/com/sun/identity/authentication/modules/windowsdesktopsso/WindowsDesktopSSOConfig.java:
} else {
hashmap.put("storeKey", "true");
hashmap.put("useKeyTab", "true");
+ hashmap.put("isInitiator", "false");
hashmap.put("keyTab", keytab);
hashmap.put("doNotPrompt", "true");
hashmap.put("refreshKrb5Config", refreshConf);
}
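Review bot: the added hashmap.put("isInitiator", "false") line in this else branch is hardcoded and has no comment saying why it is needed. With isInitiator set to false, Krb5LoginModule acts as an acceptor only and does not request a ticket for the keytab principal at login, which fits a module that only validates incoming service tickets. Please add a one-line comment stating that, and consider reading the value from the module configuration the way refreshConf is passed in, so a deployment that depends on the default can keep it.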
Without the "isInitiator" parameter we can't log in, and OpenAM shows a
"Client not found in Kerberos database" error.
Is it correct?