...
In PowerShell on the Windows Server, generate a keytab file using the Ktpass tool:
Code Block ktpass -out joget.keytab -mapuser joget@WINDOWS.LOCAL -pass Pass@word1 -crypto all -ptype KRB5_NT_PRINCIPAL -princ HTTP/joget.windows.local@WINDOWS.LOCAL
Copy the generated joget.keytab file into the Joget server e.g. at C:\Joget-v6-Enterprise\wflow\joget.keytab
Java 8 may be required for the Kerberos authentication to work with the ktpass generated keytab. Download and install JDK 8, and edit the tomcat-run.bat startup script to update the JAVA_HOME path accordingly.
Create a krb5.ini file under C:\Windows folder with these configurations:
Code Block [libdefaults] default = WINDOWS.LOCAL default_realm = WINDOWS.LOCAL dns_lookup_realm = true dns_lookup_kdc = true [realms] WINDOWS.LOCAL = { kdc = WIN-TKDH9LCHUUO.WINDOWS.LOCAL:88 default_domain = WINDOWS.LOCAL } [domain_realm] .windows.local = WINDOWS.LOCAL windows.local = WINDOWS.LOCAL
Using Linux
Install the krb5-user package
Code Block sudo apt-get install krb5-user
and configure the realm as WINDOWS.LOCAL and the KDC as WIN-TKDH9LCHUUO.WINDOWS.LOCAL:88
In a terminal, run
Code Block kinit joget@WINDOWS.LOCAL
Info IMPORTANT NOTE: The domain must be UPPER CASE
The command should run without errorConfirm the configuration in /etc/krb5.conf
Code Block [libdefaults] default = WINDOWS.LOCAL default_realm = WINDOWS.LOCAL dns_lookup_realm = true dns_lookup_kdc = true [realms] WINDOWS.LOCAL = { kdc = WIN-TKDH9LCHUUO.WINDOWS.LOCAL:88 default_domain = WINDOWS.LOCAL } [domain_realm] .windows.local = WINDOWS.LOCAL windows.local = WINDOWS.LOCALInfo IMPORTANT NOTE: The domain must be UPPER CASE
In a terminal, generate a keytab file using:
Code Block ktutil ktutil: add_entry -password -p HTTP/JOGET.WINDOWS.LOCAL@WINDOWS.LOCAL -k 1 -e arcfour-hmac-md5 Password for HTTP/JOGET.WINDOWS.LOCAL@WINDOWS.LOCAL: ktutil: wkt /etc/joget.keytab
List the SPNs in the keytab using:
Code Block ktutil ktutil: rkt /etc/joget.keytab ktutil: list
...