I've been hitting this problems for quite a few days now so I turn to you for help.
I've read quite a lot of forum subjects and web pages about Kerberos but seems I'm missing something.
Here is just a few I've read today.
viewtopic.php?f=62&t=28160&p=147152&hil ... th#p147152
viewtopic.php?f=62&t=33443&p=135834&hil ... th#p135834
viewtopic.php?t=15422
viewtopic.php?f=62&t=31416&p=127953&hil ... th#p127953
So here is what I'm sure is working.
My LDAP authentication is fine. It works well for agents and customer! It's also my "fallback" so my user can still login entering manually their creds.
My Kerberos setup seems to be OK. When I try to manually auth with KINIT, very thing is fine. (user/pass login and HTTP service login)
So I'm thinking that my problems is either with HTTPD or OTRS.
So here my "error_log" from HTTPD
Code: Select all
ERROR: OTRS-CGI-98 Perl: 5.16.3 OS: linux Time: Fri Jan 26 13:19:16 2018
Message: Need User!
RemoteAddress: 10.20.16.120
RequestURI: /otrs/index.pl
Traceback (5394):
Module: Kernel::System::Auth::LDAP::Auth Line: 123
Module: Kernel::System::Auth::Auth Line: 152
Module: Kernel::System::Web::InterfaceAgent::Run Line: 248
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32
ERROR: OTRS-CGI-98 Perl: 5.16.3 OS: linux Time: Fri Jan 26 13:19:16 2018
Message: Need UserLogin or UserID!
RemoteAddress: 10.20.16.120
RequestURI: /otrs/index.pl
Traceback (5394):
Module: Kernel::System::User::UserLookup Line: 928
Module: Kernel::System::Auth::Auth Line: 245
Module: Kernel::System::Web::InterfaceAgent::Run Line: 248
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32
Code: Select all
<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
Options +ExecCGI -Includes
<Files "index.pl">
AuthType Kerberos
AuthName "Kerberos AUTH"
KrbAuthRealms MYDOMAIN.LOCAL
KrbSaveCredentials off
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbServiceName HTTP/SERVICENAME(DNS)
Krb5KeyTab /etc/httpd/conf.d/otrs.keytab
Require valid-user
</Files>
Code: Select all
$Self->{AuthModule} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::Replace'} = 'DOMAIN\\';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '@DOMAIN.LOCAL';
Thanks in advance for you precious help.