...

The first two steps have to be performed by a domain administrator.


It is worth writing down all the information before you start.

For example, we used the following names:


                    Example used
Windows-Domain      YOURDOMAIN
DNS Domain          yourdomain.de
Kerberos User       custoKerberos
Servername
Domain Controller   tstdc01




Create Domain User for Apache Tomcat

...

This file contains the Tomcat private key for the service provider, so restrict read access to it to the account that runs Tomcat. To generate the file, run the following command as a domain administrator (all on a single line). You can do this step on the server where Tomcat runs.


Configure Apache Tomcat

Replace or edit the krb5.ini and jaas.conf files, located in your ...\custo diagnostic server\conf directory:


#krb5.ini
[libdefaults]
debug = true
default_realm = YOURDOMAIN.DE
dns_lookup_kdc = false
default_keytab_name = FILE:C:\Program Files\custo diagnostic server\conf\tomcat.keytab
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

[realms]
YOURDOMAIN.DE = {
kdc = tstdc01.yourdomain.de
admin_server = tstdc01.yourdomain.de
default_domain = yourdomain.de
}

[domain_realm]
# Map the DNS domain from the example names to the realm defined above
.yourdomain.de = YOURDOMAIN.DE

[login]
krb4_convert = true
krb4_get_tickets = false
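
The following Python check is an added example, not part of the original page or of the custo software. It parses a krb5.ini and reports when default_realm has no [realms] entry, when a [domain_realm] entry points at an undefined realm, or when the Tomcat host's DNS name does not resolve to the default realm. The sample file and the function names are assumptions made for this example, and the lookup is a simplified exact-name-then-parent-domain rule.

```python
# Constructed sample: this page's example names plus a stale [domain_realm] entry.
SAMPLE = """\
[libdefaults]
default_realm = YOURDOMAIN.DE
[realms]
YOURDOMAIN.DE = {
kdc = tstdc01.yourdomain.de
}
[domain_realm]
.adtest.local = YOURDOMAIN.DE
"""

def parse_krb5(text):
    """Return {section: {key: value}}; keys inside a '{ }' block are skipped."""
    conf, section, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif line == "}":
            depth -= 1
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if depth == 0:
                section[key] = value
            depth += value == "{"  # entering a realm block
    return conf

def realm_for_host(conf, host):
    """Resolve host via [domain_realm]: exact name first, then each parent domain."""
    mapping = {k.lower(): v for k, v in conf.get("domain_realm", {}).items()}
    name = host.lower()
    parents = [name.split(".", i)[-1] for i in range(1, name.count(".") + 1)]
    candidates = [name] + [c for p in parents for c in ("." + p, p)]
    return next((mapping[c] for c in candidates if c in mapping), None)

def check_krb5(text, service_host):
    """Return findings; service_host is the FQDN of the machine Tomcat runs on."""
    conf, findings = parse_krb5(text), []
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm")
    if default not in realms:
        findings.append(f"default_realm {default} has no [realms] entry")
    for domain, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"{domain} maps to undefined realm {realm}")
    resolved = realm_for_host(conf, service_host)
    if resolved != default:
        findings.append(f"{service_host} resolves to {resolved}, expected {default}")
    return findings
```

Pass the contents of your krb5.ini and the fully qualified name of the Tomcat server to check_krb5; an empty list means none of the three checks found a problem.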




Kerberos

Kerberos lets you log in to the custo manager automatically with your Windows user, provided your user has a valid LDAP mapping. To do this, you need to configure LDAP first.

...