-
1. Re: Negotiated Authentication w/kerberos as client
dlofthouse Mar 23, 2015 7:11 AM (in response to aelyx)How are you configuring the login modules? This sounds more a case of falling back to using the 'other' security domain rather than the module being substituted.
-
2. Re: Negotiated Authentication w/kerberos as client
jeffery.powell Apr 13, 2015 12:44 AM (in response to dlofthouse)Thanks for your fast response.
You were right, the system was defaulting to 'others' security-domain. We created a second domain with the Krb5LoginModule and that got the app running. Anyway, now we have a new issue with the kdc token length; it's being truncated in our http requests, so all we get a 401s. I'm trying to figure out if this is AD's fault or we have to set specific eTypes via supported_enctypes in the krb5.conf and kdc.conf. But I assume that's a question for another time on a different forum and thread.
Sorry for the extremely delayed response. I'm a full time student studying for a PhD in BioMed Tech while working full time as a system dev for my present company. Anyway, the project was put on hold for a bit and now it's being lazarethed.