General discussion on installation and configuration of SOGo

Text archives Help

Re: [SOGo] kerberos authentication

Chronological Thread 
  • From: Marco Bencivenni < >
  • To:
  • Subject: Re: [SOGo] kerberos authentication
  • Date: Tue, 1 Feb 2011 11:44:27 +0100
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Wr0sxSlKFaBn37Obc1vZSnPleya21L8/cMlNyAIuO8NnHXbZXzV0v+kwiHDq68ncLM FBR8iM0gTnJ66a1MlUL2xz5CPIUXDLZwIY/Nnzsh2P41OutiWV6s36cjscolDURY/2hM D2/bUHnAIx/tI17a1AZV3ipOBOGvtw6SehvIw=

I don't have any information in sogo log but I have something in apache error log:

[Tue Feb 01 11:40:43 2011] [debug] src/mod_auth_kerb.c(1432): [client] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Feb 01 11:40:43 2011] [debug] src/mod_auth_kerb.c(915): [client] Using HTTP/ as server principal for password verification
[Tue Feb 01 11:40:43 2011] [debug] src/mod_auth_kerb.c(655): [client] Trying to get TGT for user
[Tue Feb 01 11:40:43 2011] [debug] src/mod_auth_kerb.c(569): [client] Trying to verify authenticity of KDC using principal HTTP/
[Tue Feb 01 11:40:43 2011] [debug] src/mod_auth_kerb.c(994): [client] kerb_authenticate_user_krb5pwd ret=0 authtype=Basic
[Tue Feb 01 11:40:43 2011] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(1488): [client] proxy: http: found worker for
[Tue Feb 01 11:40:43 2011] [debug] mod_proxy.c(966): Running scheme http handler (attempt 0)
[Tue Feb 01 11:40:43 2011] [debug] mod_proxy_http.c(1976): proxy: HTTP: serving URL
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2044): proxy: HTTP: has acquired connection for (
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2102): proxy: connecting to
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2195): proxy: connected /SOGo/ to
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2347): proxy: HTTP: fam 2 socket created to connect to
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2449): proxy: HTTP: connection complete to (
[Tue Feb 01 11:40:43 2011] [debug] mod_proxy_http.c(1753): proxy: start body send
[Tue Feb 01 11:40:43 2011] [debug] mod_proxy_http.c(1842): proxy: end body send
[Tue Feb 01 11:40:43 2011] [debug] proxy_util.c(2062): proxy: HTTP: has released connection for (

Marco B

2011/2/1 Marco Bencivenni < "> >
Dear all,

excuse me but I prevoiulsy posted an incorrect configuration.
The problem is that I tru to use a kerberos authentication but I got a blank page withe the only word "Unauthorized"
The configuration apache-kerberos is correct, but there is something in SOGo configuration in order to use kerberos credentials.
I hope that someone has already faced this type of problem.
Thanks in advance,
Marco B

In my SOGo.conf  I uncomment:

<Location /SOGo>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate Off
  KrbMethodK5Passwd On
  KrbAuthRealms ####.IT
  KrbServiceName HTTP/
  Krb5KeyTab /etc/httpd/conf/keytab
  require valid-user
  Order allow,deny

  Allow from all

  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"

My .GNUstepDefaults is

        <string>mysql://sogo: :3306/sogo/sogo_folder_info</string>
        <string>mysql://sogo: :3306/sogo/sogo_user_profile</string>
                <string>Shared Addresses</string>

2011/1/26 < " target="_blank"> >

Hi Marco,

to use external authentication like Kerberos you have to use HTTP Header in
front of SOGo:

There are a lot of examples in the Web for doing that. But the exact
configuration steps depend on your setup. Especially for Apache and Kerberos
there are a lot of how-tos.


Archive powered by MHonArc 2.6.16.

Top of page