Kerberos does not work and vIDM is requesting the password.

Article ID: 314593

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Kerberos authentication is not working, and the user is prompted for credentials.
  • VMware Identity Manager (vIDM) is unable to process the Kerberos authentication.


Environment

VMware Identity Manager 3.3.x

Cause

Missing permissions on 'krb5.conf' can cause Kerberos authentication to fail.

Resolution

  • The permissions on the 'krb5.conf' file were incorrect, as shown below:

      root@vap-vro-008 [ /etc ]# ls -al | grep krb
      -rw-r--r-- 1 root    root      1946 Jun 9 13:59 krb5.conf
      -rw-r----- 1 root    root         0 Jun 9 13:59 krb5.conf.lwidentity.orig
      -rw------- 1 horizon root      2680 Jun 9 13:59 krb5.keytab

Please take an appropriate backup of the appliance and have a rollback strategy in place prior to making any OS-level edits.

  • Correct the permissions on all 3 krb files as shown below:

      root@vap-vro-008 [ /etc ]# chmod 664 /etc/krb*
      root@vap-vro-008 [ /etc ]# ls -al | grep krb
      -rw-rw-r-- 1 root    root      1946 Jun 9 13:59 krb5.conf
      -rw-rw-r-- 1 root    root         0 Jun 9 13:59 krb5.conf.lwidentity.orig
      -rw-rw-r-- 1 horizon root      2680 Jun 9 13:59 krb5.keytab
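
To check what the two listings above grant a non-root service account, the following added example (not part of the VMware article) evaluates the owner/group/other mode bits from 'ls -l' output and reports when a keytab's read bit for "other" is set, which is the state after 'chmod 664'. The account name 'horizon' is taken from the keytab owner in the listings; its group membership ('example-group') is an assumption, and ACLs are not modelled.

```shell
#!/bin/sh
# Listings copied from this article: before and after "chmod 664 /etc/krb*".
BEFORE='-rw-r--r-- 1 root root 1946 Jun 9 13:59 krb5.conf
-rw-r----- 1 root root 0 Jun 9 13:59 krb5.conf.lwidentity.orig
-rw------- 1 horizon root 2680 Jun 9 13:59 krb5.keytab'
AFTER='-rw-rw-r-- 1 root root 1946 Jun 9 13:59 krb5.conf
-rw-rw-r-- 1 root root 0 Jun 9 13:59 krb5.conf.lwidentity.orig
-rw-rw-r-- 1 horizon root 2680 Jun 9 13:59 krb5.keytab'

# effective_access MODE OWNER GROUP USER "USER_GROUPS"
# Prints the rwx triplet the kernel applies to USER: the owner bits if USER
# owns the file, else the group bits if USER is in the file's group, else
# the "other" bits. (root bypasses these checks and is not modelled here.)
effective_access() {
    m=$1; o=$2; g=$3; u=$4; ugs=$5
    if [ "$u" = "$o" ]; then
        printf '%s\n' "$m" | cut -c2-4
        return 0
    fi
    for ug in $ugs; do
        if [ "$ug" = "$g" ]; then
            printf '%s\n' "$m" | cut -c5-7
            return 0
        fi
    done
    printf '%s\n' "$m" | cut -c8-10
}

# audit_listing LISTING USER "USER_GROUPS"
# Prints "name access" per file and flags a keytab whose "other" read bit is
# set, because any local account can then read the service's Kerberos keys.
audit_listing() {
    printf '%s\n' "$1" | while read -r mode links owner group size mon day tm name; do
        acc=$(effective_access "$mode" "$owner" "$group" "$2" "$3")
        flag=""
        case "$name" in
            *.keytab)
                if [ "$(printf '%s' "$mode" | cut -c8)" = "r" ]; then
                    flag=" WORLD-READABLE-KEYTAB"
                fi ;;
        esac
        printf '%s %s%s\n' "$name" "$acc" "$flag"
    done
}

# Assumption: the account is "horizon" (the keytab owner in the listings) and
# its only group is the hypothetical "example-group".
echo "before:"; audit_listing "$BEFORE" horizon "example-group"
echo "after:";  audit_listing "$AFTER"  horizon "example-group"
```

On a live appliance, pass the output of 'ls -l /etc/krb*' as the first argument and the groups reported by 'id -Gn horizon' as the third.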


Note: If you upgrade VMware Identity Manager from 3.3.4 to 3.3.5 and have the Kerberos adapter configured, then after the upgrade unjoin the connector from the domain and rejoin it to the domain, which will regenerate the krb5.conf file. For additional information, please see the following:

Post-Upgrade Configuration