Did you get your GLPI working with SSO Kerberor?
]]>after this steps in GLPI
Setup/Authentication/Others/Other authentication sent in the HTTP request
Field storage of the login in the HTTP request: REMOTE_USER
What should i do to bypass the login and passwd screen?
Thx
Then i enter my ad credentials glpi then proceeds to this screen.
]]>
The command i used to create the keytab was this:
ktpass -princ HTTP/glpi@clarebout.local -mapuser glpi@clarebout.local -pass xxxx -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\tmp\kerberos.keytab
]]>must be:
KrbAuthRealms NCL.JOHNTHEDEVELOPER.CO.UK
and
KrbServiceName HTTP/alpha.ncl.johnthedeveloper.co.uk@NCL.JOHNTHEDEVELOPER.CO.UK
I alltered the login info.
ktpass -princ HTTP/alpha.ncl.johnthedeveloper.co.uk@NCL.JOHNTHEDEVELOPER.CO.UK -mapuser kerberos@NCL.JOHNTHEDEVELOPER.CO.UK -pass password -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\Temp\kerberos.keytab
]]>Server is ubuntu 14.04.
Glpi version 9.1.2
Configuration i followed
https://www.johnthedeveloper.co.uk/sing … php-ubuntu
+
http://forum.glpi-project.org/viewtopic.php?id=33381
My configuration
<VirtualHost *:80>
Alias /glpi /usr/share/glpi
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName glpi.clarebout.com
ServerAdmin webmaster@localhost
DocumentRoot /usr/share/glpi
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/glpinieuwerror.log
CustomLog ${APACHE_LOG_DIR}/glpinieuwaccess.log combined
<Directory /usr/share/glpi>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Allow from all
</Directory>
<IfModule !auth_kerb_module>
<Directory "/usr/share/glpi">
Require all denied
</Directory>
</IfModule>
<IfModule auth_kerb_module>
<Directory "/usr/share/glpi">
AuthType Kerberos
AuthName "glpi"
Krb5Keytab /etc/kerberos.keytab
KrbAuthRealms clarebout.local
Require valid-user
</Directory>
</IfModule>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
Error
[auth_kerb:error] [pid 10553] [client 10.20.96.161:64193] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, No key table entry found matching HTTP/localhost@)
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Anybody have an idea why its not working?
]]>