I'm trying to set up Kerberos SSO in Moodle but I'm getting an error_code: KRB5KDC_ERR_PREAUTH_REQUIRED (25):
1) I've configured Kerberos on Apache: installed Kerberos, configured it via /etc/krb5.cnf, and tested it with the kinit command, getting the right Kerberos tickets. WORKS
2) I've created a virtual host in Apache with a folder with Kerberos authentication for testing: created a keytab file and tested that authentication through Kerberos works in the testing virtual site. I get the LDAP REMOTE_USER info and it passes the authentication; Kerberos traffic is also generated (fetched Kerberos traffic with Wireshark). WORKS
3) Configured the virtual host to use Kerberos to authenticate to Moodle, as shown in the Moodle documentation.
Moodle Kerberos SSO documentation
4) Configured Moodle's LDAP auth plugin: login with an LDAP user works fine. WORKS
5) Configured the NTLM options in Moodle's LDAP plugin: I've tested it and it does generate Kerberos authentication network traffic (fetched Kerberos traffic with Wireshark). But I'm getting a KRB5KDC_ERR_PREAUTH_REQUIRED (25).
Moodle LDAP configuration (NTLM section):
Enable = yes
Subnetwork = 192.168.0.0/16
Authentication type = kerberos
Username format = (none)
My virtual host configuration for both sites (test folder and moodle folder) is:
<VirtualHost *:80>
    # General
    ServerAdmin [email protected]
    DocumentRoot /home/moodle/moodle
    ServerName mymoodle.es
    LogLevel debug
    ErrorLog logs/testing-error.log
    CustomLog logs/testing.log combined
    <Location /krb_testing>
        ## Networks for which SSO is offered
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbServiceName HTTP/[email protected]
        KrbAuthRealms MYREALM.DOMAIN.ES
        Krb5KeyTab /etc/krb5.keytab
        ## Without require valid-user the negotiation does not take place
        require valid-user
    </Location>
    <Directory /home/moodle/moodle/auth/ldap/>
        <Files ntlmsso_magic.php>
            AuthName "Moodle"
            AuthType Kerberos
            KrbAuthRealms MYREALM.DOMAIN.ES
            KrbServiceName HTTP/[email protected]
            Krb5KeyTab /etc/krb5.keytab
            KrbMethodNegotiate on
            KrbMethodK5Passwd on
            KrbAuthoritative on
            require valid-user
        </Files>
    </Directory>
</VirtualHost>
Apache version: Apache/2.2.15 (CentOS)
Moodle version: 2.4.7
kinit
. – Michael-O
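Added example (not part of the original post or its comments): a small Python check that extracts the mod_auth_kerb `Krb*` directives from the two protected blocks of the virtual host above and lists where they differ, which is a useful first comparison when one block authenticates and the other does not. The sample config is constructed from the post, and the `HTTP/PLACEHOLDER` principal and the function names are assumptions.

```python
# Constructed sample: the two protected blocks from the post's virtual host,
# with the service principal replaced by a placeholder (assumption).
VHOST = """
<Location /krb_testing>
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbServiceName HTTP/PLACEHOLDER
    KrbAuthRealms MYREALM.DOMAIN.ES
    Krb5KeyTab /etc/krb5.keytab
    require valid-user
</Location>
<Directory /home/moodle/moodle/auth/ldap/>
    <Files ntlmsso_magic.php>
        KrbAuthRealms MYREALM.DOMAIN.ES
        KrbServiceName HTTP/PLACEHOLDER
        Krb5KeyTab /etc/krb5.keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        KrbAuthoritative on
        require valid-user
    </Files>
</Directory>
"""

def krb_directives(conf):
    """Map each innermost container to its Krb* directives (names lowercased)."""
    blocks, stack = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            stack = stack[:-1]                      # leave the current container
        elif line.startswith("<"):
            stack.append(line.strip("<>"))          # e.g. "Files ntlmsso_magic.php"
        elif stack and line.lower().startswith("krb"):
            name, value = (line.split(None, 1) + [""])[:2]
            # On/Off flags are case-insensitive; paths and realm names are not.
            value = value.lower() if value.lower() in ("on", "off") else value.strip()
            blocks.setdefault(stack[-1], {})[name.lower()] = value
    return blocks

def diff_blocks(conf, a, b):
    """Return {directive: (value_in_a, value_in_b)} for directives that differ."""
    blocks = krb_directives(conf)
    keys = sorted(set(blocks[a]) | set(blocks[b]))
    return {k: (blocks[a].get(k), blocks[b].get(k))
            for k in keys if blocks[a].get(k) != blocks[b].get(k)}

if __name__ == "__main__":
    print(diff_blocks(VHOST, "Location /krb_testing", "Files ntlmsso_magic.php"))
```

On the configuration from the post, the only differences reported are `KrbMethodK5Passwd` (Off in the test location, on for `ntlmsso_magic.php`) and `KrbAuthoritative` (set only in the Moodle block).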