[modauthkerb] Please help me getting single sign on working with IE10
Brought to you by:
kouril
Menu
▾
▴
[modauthkerb] Please help me getting single sign on working with IE10
|
From: Andrew W. <and...@gm...> - 2014-03-29 21:42:09
|
Hi I am looking for some help with sso for drupal using kerbos with apache on an active directory domain, with windows 7 clients using IE10 I have setup following this guide http://www.grolmsnet.de/kerbtut/ i have used ktpass to generate the keytab, originally using rc4-hmac-nt as the crypto type, but read that it might not work with windows 7 by default now, so have tried it with crypto ALL I am still receiving the following error in the logs. Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. I understand this error can be misleading, as you will sometimes get it when it's not a client config problem as when kerberos files it sends the NTLM ticket anyway should a keytab which has been generated with all the available crypto types just work sorting out the crypto type with the client , or do i need to do something to make it work? Also something i am a little unclear on is do i need to have any local tickets loaded for the keytab to work or does the module handle getting it's own tickets ? the guide has me testing using kinit user@domain which successfully makes a ticket and later kinit -k -t /keytabfile PRINCPLE/fqdn again this successfully creates a ticket are they purely for testing, or would either of them need to be renewed when they expire ? |
