Kerberos SSO funktioniert nicht

Troubleshooting
8

also, ich habe das Log entsprechend erweitert bekommen.

  • omd su [sitename]
  • nano etc/apache/conf.d/site.conf
  • add LogLevel trace8
  • save file
  • omd restart
  • tail -f var/log/apache/error.log

danach kann man in der error_log viel mehr erkennen, jedoch nichts das über die Existenz von Kerberos Aufschluss gibt und was hier nicht funktioniert.



[Mon May 09 14:33:58.176183 2022] [rewrite:trace2] [pid 108292] mod_rewrite.c(483): [client 127.0.0.1:50100] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c3e3d0a0/initial] init rewrite engine with requested uri /checkmk/check_mk/login.py, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.176245 2022] [rewrite:trace3] [pid 108292] mod_rewrite.c(483): [client 127.0.0.1:50100] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c3e3d0a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/login.py', referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.176282 2022] [rewrite:trace3] [pid 108292] mod_rewrite.c(483): [client 127.0.0.1:50100] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c3e3d0a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/login.py', referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.176294 2022] [rewrite:trace3] [pid 108292] mod_rewrite.c(483): [client 127.0.0.1:50100] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c3e3d0a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/login.py', referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.176305 2022] [rewrite:trace1] [pid 108292] mod_rewrite.c(483): [client 127.0.0.1:50100] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c3e3d0a0/initial] pass through /checkmk/check_mk/login.py, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.176381 2022] [core:trace3] [pid 108292] request.c(320): [client 127.0.0.1:50100] request authorized without authentication by access_checker hook and 'Satisfy any': /checkmk/check_mk/login.py, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193021 2022] [http:trace3] [pid 108292] http_filters.c(1125): [client 127.0.0.1:50100] Response sent with status 200, headers:, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193049 2022] [http:trace5] [pid 108292] http_filters.c(1134): [client 127.0.0.1:50100]   Date: Mon, 09 May 2022 12:33:58 GMT, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193055 2022] [http:trace5] [pid 108292] http_filters.c(1137): [client 127.0.0.1:50100]   Server: Apache, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193059 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/upload ; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193064 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   X-Content-Type-Options: nosniff, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193068 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   Cache-Control: no-cache, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193071 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   Content-Length: 1959, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193075 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   Connection: close, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:33:58.193078 2022] [http:trace4] [pid 108292] http_filters.c(955): [client 127.0.0.1:50100]   Content-Type: text/html; charset=utf-8, referer: http://checkmk.test.lab/checkmk
[Mon May 09 14:34:01.482222 2022] [rewrite:trace2] [pid 108173] mod_rewrite.c(483): [client 127.0.0.1:50102] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c40060a0/initial] init rewrite engine with requested uri /checkmk/check_mk/run_cron.py
[Mon May 09 14:34:01.482255 2022] [rewrite:trace3] [pid 108173] mod_rewrite.c(483): [client 127.0.0.1:50102] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c40060a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/run_cron.py'
[Mon May 09 14:34:01.482266 2022] [rewrite:trace3] [pid 108173] mod_rewrite.c(483): [client 127.0.0.1:50102] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c40060a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/run_cron.py'
[Mon May 09 14:34:01.482271 2022] [rewrite:trace3] [pid 108173] mod_rewrite.c(483): [client 127.0.0.1:50102] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c40060a0/initial] applying pattern '^/checkmk(/?|/check_mk)$' to uri '/checkmk/check_mk/run_cron.py'
[Mon May 09 14:34:01.482286 2022] [rewrite:trace1] [pid 108173] mod_rewrite.c(483): [client 127.0.0.1:50102] 127.0.0.1 - - [127.0.0.1/sid#7f45c42d44a0][rid#7f45c40060a0/initial] pass through /checkmk/check_mk/run_cron.py
[Mon May 09 14:34:01.482321 2022] [core:trace3] [pid 108173] request.c(320): [client 127.0.0.1:50102] request authorized without authentication by access_checker hook and 'Satisfy any': /checkmk/check_mk/run_cron.py
[Mon May 09 14:34:01.594297 2022] [http:trace3] [pid 108173] http_filters.c(1125): [client 127.0.0.1:50102] Response sent with status 200, headers:
[Mon May 09 14:34:01.595607 2022] [http:trace5] [pid 108173] http_filters.c(1134): [client 127.0.0.1:50102]   Date: Mon, 09 May 2022 12:34:01 GMT
[Mon May 09 14:34:01.595667 2022] [http:trace5] [pid 108173] http_filters.c(1137): [client 127.0.0.1:50102]   Server: Apache
[Mon May 09 14:34:01.595691 2022] [http:trace4] [pid 108173] http_filters.c(955): [client 127.0.0.1:50102]   Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/upload ; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:
[Mon May 09 14:34:01.595711 2022] [http:trace4] [pid 108173] http_filters.c(955): [client 127.0.0.1:50102]   X-Content-Type-Options: nosniff
[Mon May 09 14:34:01.595726 2022] [http:trace4] [pid 108173] http_filters.c(955): [client 127.0.0.1:50102]   Cache-Control: no-cache
[Mon May 09 14:34:01.595742 2022] [http:trace4] [pid 108173] http_filters.c(955): [client 127.0.0.1:50102]   Content-Length: 3
[Mon May 09 14:34:01.595766 2022] [http:trace4] [pid 108173] http_filters.c(955): [client 127.0.0.1:50102]   Content-Type: text/html; charset=utf-8

Hat jemand eine Idee?

1 Like