1 Reply Latest reply on Jun 29, 2009 9:19 AM by dufferdo25

    JBOSS Negotiate setup clarification with regards to Active D

    dufferdo25

      Hello all,
      I was wondering if I could get some clarification with regard to JBOSS Negotiate.
      I am running JBOSS 5.1.0.GA and trying to incorporate the latest Negotiate component.
      I have a win2k3 Active Directory and want to verify the steps in the "how-to", specifically Chapter 3 (Active Directory).

      Let me summarize my setup first:

      Domain= base.myco.com
      Domain Controller= dc.base.myco.com
      JBOSS is on Debian machine called jportal
      JBOSS fqdn= jportal.base.myco.com


      Now for the first step, Server User Creation:
      I create a user called spnego-test who belongs to the Domain Users group.

      Second step Service Account Mapping:
      (This is where I have a question...the docs show the following:
      setspn.exe -a host/testserver.kerberos.jboss.org testserver
      setspn.exe -a HTTP/testserver.kerberos.jboss.org testserver

      Now is testserver the user name or the server where jboss resides?)

      Do I do the following?:
      setspn.exe -a host/jportal.base.myco.com spnego-test
      setspn.exe -a HTTP/jportal.base.myco.com spnego-test
      jportal being my jboss machine and spnego-test being the user I created

      Step 3: ktpass
      docs show this:
      ktpass -princ host/testserver@kerberos.jboss.org -pass * -mapuser KERBEROS\testserver
      -out C:\testserver.host.keytab

      Do I do the following?:
      ktpass -princ host/jportal@base.myco.com -pass * -mapuser DC.BASE.MYCO.COM\spnego-test -out C:\spnego-test.host.keytab

      Step 4:
      Docs say to do the following: ktab -k c:\testserver.host.keytab -a testserver@KERBEROS.JBOSS.ORG

      Do I do?:
      ktab -k c:\spnego-test.host.keytab -a spnego-test@DC.BASE.MYCO.COM

      Thanks for any help!