我正在尝试使用Kerberos AD实现SSO共享,并按照docs.alfresco.com官方文档中列出的说明进行操作。我一直得到以下异常
2013-06-20 18:07:37,772 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-80-1] Authentication not required (filter), chaining ...
2013-06-20 18:07:37,804 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-80-1] Authentication not required (filter), chaining ...
2013-06-20 18:07:37,819 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-80-1] New Kerberos auth request from X.X.X.X (X.X.X.X:ZZZZ) Checksum failed !
2013-06-05 12:02:30,998 WARN [site.servlet.KerberosSessionSetupPrivilegedAction] [http-80-3] Caught GSS Error
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
....
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
... 21 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
... 27 more
以下是文件,设置和相应位置的设置。我打开了打印上面消息的调试。任何有助于解决问题的建议将不胜感激。我们在Windows 2008计算机上运行4.0.d社区。 p>
alfresco-global.properties
### Kerberos SSO ###
kerberos.authentication.realm=LOCAL.COM
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=false
kerberos.authentication.user.configEntryName=AlfrescoHTTP
kerberos.authentication.http.configEntryName=AlfrescoHTTP
#kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.stripUsernameSuffix=true
kerberos.authentication.http.password=password
kerberos.authentication.cifs.password=password
kerberos.authentication.browser.ticketLogons=true
kerberos.authentication.defaultAdministratorUserNames=usera
份额-CONFIG-custom.xml
<config evaluator="string-compare" condition="Kerberos" replace="true">
<kerberos>
<password>password</password>
<realm>LOCAL.COM</realm>
<endpoint-spn>HTTP/domain@LOCAL.COM</endpoint-spn>
<config-entry>ShareHTTP</config-entry>
</kerberos>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:80/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
java.login.config 位于C:\ Alfresco \ java \ jre \ lib \ security ==,如文档中所述,但将keyTab位置更改为C:/etc/alfresco.keytab < / p>
还修改了C:\ Alfresco \ java \ jre \ lib \ security中的 java.security 以指向java.login.config
(p:\ Windows)krb5.ini
[libdefaults]
default_realm = LOCAL.COM
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
[realms]
LOCAL.COM = {
kdc = machine.local.com
admin_server = machine.local.com
}
[domain_realm]
machine.local.com = LOCAL.COM
.machine.local.com = LOCAL.COM
非常感谢任何有关如何调试的建议;非常感谢你。