sudo ipa-client-automount --server=ipasrv01.mydomain.com
sudo authconfig --enablemkhomedir --update
sudo authconfig --enablemkhomedir --update
воскресенье, 30 октября 2016 г.
среда, 26 октября 2016 г.
clojure remote repl
In order to debug remote app we can start it with remote repl, if version of clojure 1.8+
java -Dclojure.server.repl="{:address \"0.0.0.0\" :port 5555 :accept clojure.core.server/repl}" -jar mywebapp.jar
вторник, 25 октября 2016 г.
Kerberos SPNEGO Checksum failed problem
I made SPNEGO authentication for my web apps. During development I met a problem authenticating users using keytab file for HTTP services:
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
I've found solution how to resolve a problem. I've used RHEL 7 on servers and clients, and FreeIPA as a KDC/LDAP server:
1. Open /etc/krb5.conf on web app server and add into section [libdefaults] one line
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
I've found solution how to resolve a problem. I've used RHEL 7 on servers and clients, and FreeIPA as a KDC/LDAP server:
1. Open /etc/krb5.conf on web app server and add into section [libdefaults] one line
[libdefaults]
default_tkt_enctypes = arcfour-hmac-md5
This is most important thing. This line resolves "Checksum failed" problem
2. On a client:
kinit username
Password for username@MYSERVICE.COM:
after successful authentication in Kerberos domain we can access Kerberized web apps using curl:
curl -v -k --negotiate -u : --cacert /etc/ipa/ca.crt https://myservice.com:8090/krb
3. In FireFox, print about:config in address bar -> I promise -> then find
network.negotiate-auth.delegation-uris value http://,https://
network.negotiate-auth.trusted-uris value .myservice.com
Подписаться на:
Сообщения (Atom)