[CalendarServer-dev] calendarserver on linux via NssDirectory
Marco Ghidinelli
marco.ghidinelli at turboden.net
Thu Mar 5 06:31:01 PST 2009
On 03/05/2009 09:28 AM, Guido Günther wrote:
> Hi Marco,
hi guido,
the kerberos authentication works:
$ kinit -V -k -t /etc/krb5.keytab HTTP/muttley.domain.local at DOMAIN.LOCAL
Authenticated to Kerberos v5
$ klist
Ticket cache: FILE:/tmp/krb5cc_103
Default principal: HTTP/muttley.domain.local at DOMAIN.LOCAL
Valid starting Expires Service principal
03/05/09 12:14:31 03/05/09 22:14:34 krbtgt/DOMAIN.LOCAL at DOMAIN.LOCAL
renew until 03/06/09 12:14:31
but the calendarserver doesn't initialize the kerberos things (the
windows machine try to inizialize the NTLM login and not the GSS).
> And you have enabled kerberos in /etc/caldavd/caldavd.plist:
> <!-- Kerberos/SPNEGO -->
> <key>Kerberos</key>
> <dict>
> <key>Enabled</key>
> <true/>
> <key>ServicePrincipal</key>
> <string>HTTP/server.example.com at EXAMPLE.COM</string>
> </dict>
the same as mine.
the strange thing is that it doesn't even try to connect to the kdc
server when i start the calendar server.
i tried to understand the python-kerberos api, but without documentation
is not that easy. :-/
> Does the user have a valid HTTP/... ticket after trying to authenticate
> in its keytab? Besides that I'm a bit out of ideas.
i'm sorry, i don't understand:
i try to (give a shell to the caldav user and) kinit with the keytab,
and then restart the calendarserver, but with no luck.
i didn't apply the patch to use a keytab different from the default
/etc/krb5.keytab: maybe the python kerberos doesn't look at that file?
More information about the calendarserver-dev
mailing list