AnsweredAssumed Answered

Kerberos auth on HEAD

Question asked by chapeaurouge on Jan 23, 2009
Latest reply on Feb 17, 2009 by rogier.oudshoorn
Hello all,

It's been several days I am trying to make kerberos authentication work (against AD running on Win2003 R2), both with the regular 3.0 labs and now the SVN version (rev 12844). The server running alfresco is a gentoo 64bits (xen virtualized), tomcat is tomcat-6.0.18.

Kerberos seems to work fine when I try manually. kinit and klist report correct stats. kvno is good. But neither the web, webdav or cifs auth is working… because the context simply fails to start.

Once I enabled the
<filter-class>org.alfresco.web.app.servlet.KerberosAuthenticationFilter</filter-class>

The /alfresco simply doesn't start, but there is no real error at all, just the following:

Jan 23, 2009 5:24:26 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jan 23, 2009 5:24:26 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Jan 23, 2009 5:24:27 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive alfresco.war
Jan 23, 2009 5:24:28 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
17:24:42,572  INFO  [config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
17:24:43,636  DEBUG [webdav.auth.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter
17:24:43,637  DEBUG [smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.smb.protocol.auth
17:24:43,637  DEBUG [security.authentication.ldap] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.repo.security.authentication.ldap
17:24:43,637  DEBUG [alfresco.smb.protocol] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.smb.protocol
17:24:43,638  DEBUG [alfresco.webdav.protocol] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.webdav.protocol
17:24:43,642  DEBUG [app.servlet.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@bb277f0, name=log4j:logger=org.alfresco.web.app.servlet.KerberosAuthenticationFilter
17:24:50,428  INFO  [domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
17:24:50,875  INFO  [domain.schema.SchemaBootstrap] No changes were made to the schema.
17:24:52,644 User:System INFO  [repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /var/alf_data
17:24:52,688 User:System INFO  [admin.patch.PatchExecuter] Checking for patches to apply …
17:24:52,879 User:System INFO  [admin.patch.PatchExecuter] No patches were required.
17:24:52,881 User:System INFO  [repo.module.ModuleServiceImpl] Found 0 module(s).
17:24:52,997 User:System DEBUG [alfresco.smb.protocol] Found valid IP address from interface list
17:24:52,998 User:System INFO  [alfresco.smb.protocol] CIFS server started
17:24:52,998 User:System INFO  [alfresco.smb.protocol] FTP server NOT started
17:24:52,998 User:System INFO  [alfresco.smb.protocol] NFS server NOT started
17:24:53,130 User:System WARN  [alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
17:24:53,195 User:System INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
17:24:53,196 User:System INFO  [service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c @build-number@) schema 1000
17:25:02,747  DEBUG [app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/gandalf-white.bi.invik.lu@BI.INVIK.LU
17:25:02,752  DEBUG [webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/gandalf-white.bi.invik.lu@BI.INVIK.LU
Jan 23, 2009 5:25:02 PM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jan 23, 2009 5:25:02 PM org.apache.catalina.core.StandardContext start
SEVERE: Context [/alfresco] startup failed due to previous errors
log4j:ERROR LogMananger.repositorySelector was null likely due to error in class reloading, using NOPLoggerRepository.
Jan 23, 2009 5:25:24 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Jan 23, 2009 5:25:24 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Jan 23, 2009 5:25:24 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 58135 ms

What could cause this error? What are other debug filters I could put in the log4j.properties?

Thanks a lot.

Cheers
fred

Outcomes