With Privacyidea 2.8 we have the possibility to use REMOTE_USER for
authentication. mod_auth_kerb can set that when using kerberos, so I
tried that:
<Directory />
# For Apache 2.4 you need to set this:5D
#Require all granted
Options FollowSymLinks
AllowOverride None
SSLRequireSSL
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms JOCHEN.ORG
Krb5KeyTab /etc/apache2/http.keytab
KrbServiceName HTTP
KrbSaveCredentials On
require valid-user
</Directory>
I have a webui policy that allows remote_user. Privacyidea now
recognizes that REMOTE_USER is set and offers to log in as
"jochen@JOCHEN.ORG".
If I do that, privacyidea still tries to authenticate against my LDAP
resolver and answers: Authentication failed. Wrong Credentials.
Any idea why my REMOTE_USER does not work? I tried converting the
uppercase Kerberos realm to lowercase, which is used in privacyidea,
but that to didn’t work.
Anything that must be done to authenticate against Kerberos?
Jochen–
The only problem with troubleshooting is that the trouble shoots back.