...
As the last step, please restart the custo diagnostic server now.
If everything works and the logged in windows user is allowed to use custo diagnostic then this command should return "true".
Debugging & Testing
For testing Kerberos authentication without using the custo manager, you can use the curl utility that is installed in the same folder as the custo diagnostic client:
|
...
|
You can add the following switches to the Java command line (via Configure custo diagnostic server in Startmenu):
|
After restarting Tomcat, you will find logging information in stdout and stderr files in the <custo diagnostic server installation directory>/logs directory
and <custo diagnostic data directory>/logs
Typical Error Messages and possible cause:
- Cannot Obtain Password: Apache Tomcat looks for the password somewhere.
Meaning, that it either cannot find the tomcat.keytab file (file location?) or the service principal name used in jaas.conf, tomcat.keytab file. - Cannot Sign In (Without Cannot Obtain Password): Tomcat gets the credentials from tomcat.keytab file, but it cannot sign in to the domain/domaincontroller. May be the Service Principal Name used in the configuration files differ from the one used with ktpass?
- Cannot locate Domain Controller. The krb5.ini leads from the domain name to the domain controller.