I am currently implementing one signon solution for a client that is based on Java, Tomcat and Kerberos. Users must access the Tomcat intranet application URL from their client browsers, the Tomcat application acquires user credentials through Kerberos and redirects them to the actual web application. Our client environment is a typical mix of Windows AD server acting as Tomcat's KDC and Linux application servers. It is assumed that SSO functionality will be used from both Windows and Linux clients. This is what seems to be different from most of the answers I can find on a network where people have Linux web application servers, but only for Windows clients.
Now, in my local setup, I get weird behavior. My development environment is Tomcat 7.0.26, running from MyEclipse 8.6 under Windows 7. My test environment is Tomcat 7.0.26 or 7.0.53 behind the Apache web server on Centos 6. I configured the AD server correctly, created the necessary keytab files and etc., And everything works smoothly in the development environment. I can access the Tomcat application from both Linux and Windows clients using IE and Firefox, Kerberos authentication continues, and I am redirecting correctly.
When you deploy the Tomcat application on a test server, it continues to work when you try to log in from Windows clients. However, when I try to access the test server from a Linux client (I tried to use Linux Mint 13 and Ubuntu 13.10), I get the following error:
javax.servlet.ServletException: GSSException: : 1.3.6.1.5.2.51.3.6.1.5.2.5 : net.sourceforge.spnego.SpnegoHttpFilter.doFilter(SpnegoHttpFilter.java:233)
, . , , , KDC? , 1.3.6.1.5.2.5 GSS_IAKERB_MECHANISM, GSS_KRB5_MECHANISM GSS_SPNEGO_MECHANISM, . , , , .
MIT Kerberos Heimdal Kerberos . Firefox Chromium, , Tomcat 7.0.26 7.0.53, . spnego.jar.
: Linux Tomcat, Windows, Linux- Linux .
?