name mode size
README 100644 1.32kB
hps.keytab 100755 71B
jaas.conf 100644 290B
krb5.ini 100644 384B
mappings.ini 100644 36B
mem_conf.ini 100644 141B
Sample files for hps kerberos support ===================================== Your Blue Mind is on hps.willow.lan, on the same lan as active directory ( Your active directory domain is willow.lan On AD ----- Create a normal user for service authentication, for example: hps with the password Bluejob31! Then execute in cmd.exe prompt: setspn -A HTTP/hps.willow.lan hps The output should look like: Registering ServicePrincipalNames for CN=hps,CN=Users,DC=willow,DC=lan HTTP/hps.willow.lan Updated object Then you will generate a keytab: ktpass /out c:\hps.keytab /mapuser hps@WILLOW.LAN /princ HTTP/hps.willow.lan@WILLOW.LAN /pass Bluejob31! /kvno 0 The output should look like: Targeting domain controller: WIN-BJ666K3L.willow.lan Using legacy password setting method Successfully mapped HTTP/hps.willow.lan to hps. Output keytab to c:\hps.keytab On Blue Mind ------------ copy mem_conf.ini, jaas.conf and krb5.ini from the provided samples to /etc/bm-hps. copy the hps.keytab from the AD server to /etc/bm-hps on Blue Mind server. Edit jaas.conf and change your security principal to the one you defined with the setspn command. Change your realm and kdc address in krb5.ini to match yours. # service bm-hps restart Connect with internet explorer from a workstation in your domain.