I am trying to add Kerb authentication into an old Tomcat 5.5 environment!
I am using negoserver, running as "local system" account. I have amended Negoserver.exe.config to uncomment the "onlykerberos" option.
Eventually, I would like to get this working with the server's DNS alias, but for now I am using the server's name.
The problem is, when accessing
I get a 401 (This request requires HTTP authentication ()) message
I have used the Microsoft utility "Klist" to purge kerb tickets before accessing the URL, and list them afterwards, and there does seem to be a ticket getting created correctly, called something like HTTP/myserver.my.domain.
The negoserver log is recording entries like these:
Server Verbose: 4986 : To a new request with a new connection TCP
Server Verbose: 4986 : Before TranslationOrAuthenticate
State Verbose: 4986 : Buf len : 1
State Verbose: 4986 : Buf remaining 1
Server Verbose: 4986 : In TranslationOrAuthenticate
Server Verbose: 4986 : Buffer.length 1
Server Verbose: 4986 : ConnectionType.AuthenticationAndInformIfAuthenticatedUser
State Verbose: 4986 : A security requirement was not fulfilled during authentication. Required: None, negotiated: EncryptAndSign. at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.NegotiateStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
at httpToNegotiateStream.State.AuthenticateAsServerContinue(IAsyncResult ar) in c:\Users\dominique\Documents\doc\Visual Studio 2012\Projects\Negoserver\Negoserver\NegoServer.cs:line 1866
Is this clear? I am sure I have forgotten to do something pretty basic..... Hope you can help