Verifying The Kerberos Configuration; Configuring The Clients - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


4 Copy this file to the location specified in the JAAS config file for Kerberos field of Step 4 in "Creating the Authentication Class, Method, and Contract" on page 165.
5 Make sure the file permissions are set correctly. They should be set to 644.
6 Restart Tomcat.
Linux Identity Server: Enter the following command:
/etc/init.d/novell-tomcat5 restart
Windows Identity Server: Enter the following commands:
net stop Tomcat5
net start Tomcat5
Whenever you make changes to the bcsLogin.conf file, you need to restart Tomcat.
7 If the cluster contains multiple Identity Servers, copy the bcsLogin.conf file to each member of the cluster, then restart Tomcat on that member.

5.3.5 Verifying the Kerberos Configuration

To view the catalina.out (Linux) or the stdout.log (Windows) file of the Identity Server:
1 In the Administration Console, click Auditing > General Logging.
2 In the Identity Servers section, select the catalina.out or stdout.log file.
3 Download the file and open it in a text editor.
4 Search for Kerberos and verify that a subsequent line contains a Commit Succeeded phrase.
For the configuration example, the lines look similar to the following:
principal's key obtained from the keytab
principal is HTTP/amser.provo.novell.com@AD.NOVELL.COM
Added server's keyKerberos Principal HTTP/amser.provo.novell.com@AD.NOVELL.COMKey Version 3key EncryptionKey:
keyType=3 keyBytes (hex dump)=0000: CB 0E 91 FB 7A 4C 64 FE
[Krb5LoginModule] added Krb5Principal HTTP/amser.provo.novell.com@AD.NOVELL.COM to Subject
Commit Succeeded
5 If the file does not contain any lines similar to these, verify that you have enabled logging. See "Enabling Logging for Kerberos Transactions" on page 164.
6 If the commit did not succeed, search backward in the file and verify the following values:
Service Principal Name
Name of keytab file
For the example configuration, the file should contain lines with text similar to the following:
Principal is HTTP/amser.provo.novell.com
KeyTab is /usr/lib/java/jre/lib/security/nidpkey.keytab
7 (Conditional) If you make any modifications to the configuration, either in the Administration
Console or to the bcsLogin file, restart Tomcat on the Identity Server.
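
The log check in steps 4 through 6 can be scripted. The following is an added example, not part of the Novell guide or product: it inspects the most recent Kerberos login attempt in a downloaded catalina.out or stdout.log. The sample logs are constructed from the excerpts above, the function names are hypothetical, and the "authentication failed" line and the realm-stripping comparison are assumptions.

```python
import re

PRINCIPAL_RE = re.compile(r"principal is (\S+)", re.IGNORECASE)
KEYTAB_RE = re.compile(r"KeyTab is (\S+)", re.IGNORECASE)

# Constructed sample logs modelled on the excerpts above; not real server output.
SAMPLE_OK = """\
principal's key obtained from the keytab
principal is HTTP/amser.provo.novell.com@AD.NOVELL.COM
[Krb5LoginModule] added Krb5Principal HTTP/amser.provo.novell.com@AD.NOVELL.COM to Subject
Commit Succeeded
"""
SAMPLE_FAIL = """\
Principal is HTTP/amser.provo.novell.com
KeyTab is /usr/lib/java/jre/lib/security/nidkey.keytab
[Krb5LoginModule] authentication failed
"""

def last_value(lines, regex):
    """Search backward (step 6) for the most recent value matching regex."""
    for line in reversed(lines):
        m = regex.search(line)
        if m:
            return m.group(1)
    return None

def check_kerberos_login(log_text, expected_spn, expected_keytab):
    """Return (status, findings) for the most recent Kerberos login in the log."""
    lines = log_text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(r"kerberos|krb5", l, re.I)]
    if not hits:  # step 5: nothing logged, so Kerberos logging is probably off
        return "no-kerberos-lines", ["enable logging for Kerberos transactions"]
    if any("Commit Succeeded" in l for l in lines[hits[-1]:]):  # step 4
        return "ok", []
    findings = []
    spn = last_value(lines, PRINCIPAL_RE)
    keytab = last_value(lines, KEYTAB_RE)
    # Assumption: compare the SPN without its @REALM suffix.
    if spn is None or spn.split("@")[0] != expected_spn:
        findings.append(f"Service Principal Name: log has {spn!r}, expected {expected_spn!r}")
    if keytab != expected_keytab:
        findings.append(f"keytab file: log has {keytab!r}, expected {expected_keytab!r}")
    return "commit-failed", findings

if __name__ == "__main__":
    spn, kt = "HTTP/amser.provo.novell.com", "/usr/lib/java/jre/lib/security/nidpkey.keytab"
    for name, log in (("ok", SAMPLE_OK), ("fail", SAMPLE_FAIL)):
        print(name, check_kerberos_login(log, spn, kt))
```

Only the lines after the last Kerberos entry are checked for Commit Succeeded, so an older success earlier in the file does not mask a failure after the latest restart.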

5.4 Configuring the Clients

1 Add the computers of the users to the Active Directory domain.
