Understanding Alfresco subsystems for authentication (3.3)

Question asked by bnice on Sep 14, 2010
Latest reply on Sep 15, 2010 by bnice
Hi,

I need to get my fresh Alfresco 3.3 installation to run together with a W2K3 ADS - SSON is not a must, but would be nice to have.
I tried to configure Kerberos for that reason with the help of the wiki http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos, but still have some difficulties getting the Alfresco Explorer to work with AD authentication. Share is working fine with AD.
I'm quite sure I have to make some further changes to alfresco-global.properties and/or other files, but I don't understand the use of the subsystems in release 3.3 (I used 3.0 before).
Do I have to create new .properties files for that purpose and where? I have no path /opt/Alfresco/tomcat/shared/classes/extensions, so do I have to create it?

Where do I have to add these lines (if needed):

kerberos.authentication.realm
    The Kerberos realm to authenticate with. The realm should be the domain upper cased; example if the domain is alfresco.org then the realm should be ALFRESCO.ORG
kerberos.authentication.sso.enabled
    A Boolean that when true enables SPNEGO/Kerberos based Single Sign On (SSO) functionality in the Web client. When false and no other members of the authentication chain support SSO, password-based login will be used.
kerberos.authentication.authenticateCIFS
    A Boolean that when true enables Kerberos authentication in the CIFS server. When false and no other members of the authentication chain support CIFS authentication, the CIFS server will be disabled.
kerberos.authentication.user.configEntryName
    The name of the entry in the JAAS configuration file that should be used for password-based authentication. The default value Alfresco is a good choice here.
kerberos.authentication.cifs.configEntryName
    The name of the entry in the JAAS configuration file that should be used for CIFS authentication. The default value AlfrescoCIFS is a good choice here.
kerberos.authentication.http.configEntryName
    The name of the entry in the JAAS configuration file that should be used for web-based single-sign on (SSO). The default value AlfrescoHTTP is a good choice here.
kerberos.authentication.cifs.password
    The password for the CIFS Kerberos principal
kerberos.authentication.http.password
    The password for the HTTP Kerberos principal
kerberos.authentication.defaultAdministratorUserNames
    A comma separated list of user names who should be considered administrators by default
kerberos.authentication.browser.ticketLogons (new in v3.3 SP3)
    Can a ticket parameter in the request URL be used to authenticate with the Alfresco Explorer application? Default is true. Note that WebDAV URLs always accept ticket parameters.
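
An added example, not part of the original post or the Alfresco wiki: a small Python check that reads the kerberos.authentication.* properties listed above and reports settings worth a second look before restarting Alfresco. The sample values and the function names are constructed, and treating a principal's password as required when its feature is enabled is an assumption.

```python
P = "kerberos.authentication."
BOOL_KEYS = ("sso.enabled", "authenticateCIFS", "browser.ticketLogons")

# Constructed sample, not taken from the post.
SAMPLE = """\
# Kerberos subsystem settings
kerberos.authentication.realm=example.org
kerberos.authentication.sso.enabled=true
kerberos.authentication.http.password=
kerberos.authentication.authenticateCIFS=false
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of findings for the kerberos.authentication.* keys."""
    findings = []
    realm = props.get(P + "realm", "")
    if not realm:
        findings.append("realm: not set")
    elif realm != realm.upper():
        findings.append("realm: use the upper-cased domain, " + realm.upper())
    for key in BOOL_KEYS:
        value = props.get(P + key)
        if value is not None and value not in ("true", "false"):
            findings.append(key + ": expected true or false")
    # Assumption: a principal's password must be set when its feature is on.
    for flag, pw in (("sso.enabled", "http.password"),
                     ("authenticateCIFS", "cifs.password")):
        if props.get(P + flag) == "true" and not props.get(P + pw):
            findings.append(pw + ": empty while " + flag + " is true")
    # The list above gives true as the default when the key is absent.
    if props.get(P + "browser.ticketLogons", "true") == "true":
        findings.append("browser.ticketLogons: URL ticket logons are enabled")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```

Setting browser.ticketLogons=false clears the last finding when ticket parameters in Explorer URLs are not needed; per the list above, WebDAV URLs accept them regardless.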