Windows authentication via kerberos on LDAP

question - where can I generate ktpass -princ host/ etc. it isn't at j2ee engine machine ( is it at SAP Web Dispatcher)??

Hi Damian
You need to run the command on the Domain Controller
Theo

Similar Messages

  • Authen and Auth via kerberos and ldap (hosted on linux)

    Hello. I am trying to set up authentication via ldap and kerberos. I have usernames stored in a UNIX-style ldap server and kerberos running on the same machine. I am now trying to get the login window to use the ldap server for getting username/password and then to authenticate and get a ticket from kerberos. I have kerberos working (I can use kinit on the mac to get a ticket); if I have a ticket, I can use ldapsearch to get a dump of the ldap directory on the server. However, at the login window, there is no existing kerberos ticket for checking the ldap server, so it cannot be used and falls back to local login. How can I get a ticket or something that will function as such to kerberos so that login window can use the ldap server? Or, how can I get the login window to use the ldap server?
    Any links or other ideas would be appreciated.
    Thanks,
    Sean

    The user can be set in ST01 as the portal user for trace

  • Windows authentication with Kerberos

    Hi All,
    We have configured Kerberos for Windows Authentication for EP 7.0.
    The authentication works fine when we use the server name alone, but it fails when we use the FQDN.
    Any clues would be really helpful.
    Regards,
    Noufal

    Hi Noufal,
    When you register the Service Principal Name on the LDAP, Please make sure that you register it with your FQDN.
    Please refer the Excellent Blog series by Holger Sir here..
    http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/8235. [original link is broken]
    These blog series cover almost all the errors caused during SPNEGO configuration.
    Regards
    Hussain.

  • Connecting to Windows Workgroup via Kerberos

    How do i connect to windows workgroups using kerberos authentication?

    in the finder select "Go" then "Connect to server" and enter "smb://servername/sharename"
    kerberos is an authentication scheme, not a protocol. In order for it to work (when it's not broken), you need to be logged in with kerberos credentials.

  • Checksum failed while authenticating via Kerberos

    Hi All,
    I having a problem getting authentication using kerberos to work, I get the message checksum failed. The environment is Windows 2008 Server as DC and IE 8 as client and the application is running inside JBoss (in this case I am using the negotiation-toolkit) and the following trace is in the server.log. Can someone point me in the right direction for solving this problem, i've configured two local environments using w2k3 and w2k8 which are both working just fine but in the customers network it fails with the following trace:
    l
    2011-03-30 11:33:21,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:{}
    2011-03-30 11:33:21,846 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-0.0.0.0-8888-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
    2011-03-30 11:33:21,846 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Authenticating user
    2011-03-30 11:33:21,846 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Header - Negotiate 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-0.0.0.0-8888-1) 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-0.0.0.0-8888-1)2011-03-30 11:33:21,848 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) associate 176127440
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Begin isValid, principal:FFE8282EB0A470619839BBD7EDF16A5E, cache info: null
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) defaultLogin, principal=FFE8282EB0A470619839BBD7EDF16A5E
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(SPNEGO), size=13
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
    [0]
    LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
    ControlFlag: LoginModuleControlFlag: requisite
    Options:
    name=serverSecurityDomain, value=host
    name=password-stacking, value=useFirstPass
    [1]
    LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
    ControlFlag: LoginModuleControlFlag: required
    Options:
    name=usersProperties, value=props/spnego-users.properties
    name=rolesProperties, value=props/spnego-roles.properties
    name=password-stacking, value=useFirstPass
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) initialize
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
    2011-03-30 11:33:21,850 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) serverSecurityDomain=host
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) login
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(host), size=13
    2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
    [0]
    LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
    ControlFlag: LoginModuleControlFlag: required
    Options:
    name=principal, value=host/[email protected]
    name=useKeyTab, value=true
    name=storeKey, value=true
    name=keyTab, value=/DATA/jbossserver.host.keytab
    name=debug, value=true
    name=doNotPrompt, value=true
    2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /DATA/jbossserver.host.keytab refreshKrb5Config is false principal is host/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) KeyTab instance already exists
    2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Added key: 23version: 4
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Ordering keys wrt default_tkt_enctypes list
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) principal's key obtained from the keytab
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Acquire TGT using AS Exchange
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
    2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
    2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq calling createMessage
    2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq in createMessage
    2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000, number of retries =3, #bytes=158
    2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KDCCommunication: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000,Attempt =1, #bytes=158
    2011-03-30 11:33:21,853 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
    2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
    2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsRep cons in KrbAsReq.getReply host/jbossserver
    2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) principal is host/[email protected]
    2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
    2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Added server's keyKerberos Principal host/[email protected] Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
    2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule] added Krb5Principal host/[email protected] to Subject
    2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Commit Succeeded
    2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Subject = Subject:
         Principal: host/[email protected]
         Private Credential: Ticket (hex) =
    0000: 61 82 01 1F 30 82 01 1B A0 03 02 01 05 A1 13 1B a...0...........
    0120: 9E 96 D4 ...
    Client Principal = host/[email protected]
    Server Principal = krbtgt/[email protected]
    Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: 81 5B 77 9E C3 74 46 AC 87 26 B0 00 5C B6 56 6E .[w..tF..&..\.Vn
    Forwardable Ticket false
    Forwarded Ticket false
    Proxiable Ticket false
    Proxy Ticket false
    Postdated Ticket false
    Renewable Ticket false
    Initial Ticket false
    Auth Time = Wed Mar 30 11:33:17 CEST 2011
    Start Time = Wed Mar 30 11:33:17 CEST 2011
    End Time = Wed Mar 30 21:33:17 CEST 2011
    Renew Till = null
    Client Addresses Null
         Private Credential: Kerberos Principal host/[email protected] Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
    2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Logged in 'host' LoginContext
    2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Creating new GSSContext.
    2011-03-30 11:33:21,866 INFO [STDOUT] (http-0.0.0.0-8888-1) Found key for host/[email protected](23)
    2011-03-30 11:33:21,867 INFO [STDOUT] (http-0.0.0.0-8888-1) Entered Krb5Context.acceptSecContext with state=STATE_NEW
    2011-03-30 11:33:21,868 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    2011-03-30 11:33:21,869 ERROR [STDERR] (http-0.0.0.0-8888-1) Checksum failed !
    2011-03-30 11:33:21,870 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Result - GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
    2011-03-30 11:33:21,870 ERROR [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Unable to authenticate
    GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
         at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAs(Subject.java:337)
         at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
         at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
         at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
         at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
         at java.lang.Thread.run(Thread.java:619)
    Caused by: KrbException: Checksum failed
         at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
         at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
         at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
         at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
         at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
         at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
         ... 35 more
    Caused by: java.security.GeneralSecurityException: Checksum failed
         at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
         at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
         at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
         ... 41 more
    2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: Entering logout
    2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: logged out Subject
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) abort
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) initialize
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-users.properties, defaults=null
    2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[]
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-roles.properties, defaults=null
    2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[[email protected], [email protected]]
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) abort
    2011-03-30 11:33:21,872 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Login failure
    javax.security.auth.login.LoginException: Unable to authenticate - Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
         at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:141)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
         at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
         at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
         at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
         at java.lang.Thread.run(Thread.java:619)
    2011-03-30 11:33:21,873 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) End isValid, false
    2011-03-30 11:33:21,873 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) clear 176127440
    2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null
    2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null

    Thanks! That did the trick.
    For those who aren't sure what we're talking about, here are the details. In the inspector tab of the user's record in Workgroup Manager, there's an item called AuthenticationAuthority. For servers that use Kerberos, it should have at least two attributes, one for ApplePasswordServer and one for Kerberos.
    The Kerberos entry should look something like this:
    ;Kerberosv5;0x4de7dafb19f92bf00000008b0000207c;[email protected];
    MYSERVER.MYDOMAIN.COM;1024 35 1501888096699469040706569854027123220425732604738787130135110270232071940183724 3
    78199029604219894640418726569868666187867257570714183982184166144733112632082318
    21356466533532379022305132046121848691642928615842396713606475071069113591094835
    025483043226511805720826544139932983788313141311383927555379596135211 [email protected]:123.45.67.89
    When you copy the attribute from a working user, there are two items that need to be changed (assuming you have only one kerberos realm). The first item is the long string of letters and numbers after ;Kerberosv5; in the first line. That's the user's UUID. The second is the user's short name ("fred" in the example above). The easiest way to make the changes is to paste the attribute into a text editor (TextEdit, or TextWrangler if you have it). Copy the user's UUID from the problematic account, and paste it over the one in the text you previously copied and pasted. Then change the short name to match the problematic user. Then copy the entire block from your text editor, select AuthenticationAuthority and click the New Value button. Click in the Text: field and paste. The Hex field will take care of itself. Click OK, then Save your changes.
    Of course before you start making changes like this to your directory, make sure you have a good back up to revert back to in case something gets messed up.

  • Problem getting an LDAPContext after authenticating via Kerberos

    Hi,
    I am trying to create a Java program that can query an Active Directory server using the currenlty logged in Windows user's credentials to authenticate via LDAP.
    I am getting the following error in my output when trying to create the LdapContext object.
    GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
    The full output is as follows
    Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    Acquire TGT from Cache
    KinitOptions cache name is C:\Documents and Settings\Administrator.THALES-3D8PWWDM\krb5cc_AdministratorAcquire default native Credentials
    Obtained TGT from LSA: Credentials:
    [email protected]
    server=krbtgt/[email protected]
    authTime=20090618162927Z
    startTime=20090618162927Z
    endTime=20090619022927Z
    renewTill=20090625162927Z
    flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
    EType (int): 23
    Principal is [email protected]
    Commit Succeeded
    Subject:
         Principal: [email protected]
         Private Credential: Ticket (hex) =
    0000: 61 82 03 BC 30 82 03 B8   A0 03 02 01 05 A1 0A 1B  a...0...........
    <REMOVED>4   8A 8C BE 6B FD 65 5D 2F  .R..t#@d...k.e]/
    Client Principal = [email protected]
    Server Principal = krbtgt/[email protected]
    Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: C0 62 F6 3F 5C 29 F4 7B   C1 FC AB A0 77 D1 E7 E0  .b.?\)......w...
    Forwardable Ticket true
    Forwarded Ticket false
    Proxiable Ticket false
    Proxy Ticket false
    Postdated Ticket false
    Renewable Ticket true
    Initial Ticket true
    Auth Time = Thu Jun 18 17:29:27 BST 2009
    Start Time = Thu Jun 18 17:29:27 BST 2009
    End Time = Fri Jun 19 03:29:27 BST 2009
    Renew Till = Thu Jun 25 17:29:27 BST 2009
    Client Addresses  Null
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Jun 19 03:29:27 BST 2009
    KinitOptions cache name is C:\Documents and Settings\Administrator.THALES-3D8PWWDM\krb5cc_AdministratorAcquire default native Credentials
    Obtained TGT from LSA: Credentials:
    [email protected]
    server=krbtgt/[email protected]
    authTime=20090618162927Z
    startTime=20090618162927Z
    endTime=20090619022927Z
    renewTill=20090625162927Z
    flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
    EType (int): 23
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Jun 19 03:29:27 BST 2009
    GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
         at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)
         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)
         at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)
         at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)
         at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
         at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)
         at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)
         at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
         at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
         at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
         at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
         at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
         at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
         at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
         at javax.naming.InitialContext.init(Unknown Source)
         at javax.naming.InitialContext.<init>(Unknown Source)
         at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
         at com.thalesgroup.planit.ldap.LDAPAction.performLDAPOperation(Main.java:87)
         at com.thalesgroup.planit.ldap.LDAPAction.run(Main.java:66)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAs(Unknown Source)
         at com.thalesgroup.planit.ldap.Main.main(Main.java:46)
    javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate I am running this using the following VM arguments
    -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=true
    Finally my jaas config file is as follows
    fsta {
         com.sun.security.auth.module.Krb5LoginModule required
    debug=true client=false useTicketCache=true;
    com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
    };I am running this locally on the AD server (running Windows Server 2003).
    Does anybody know how I can get rid of the exception and create an authenticated LdapContext?
    Any suggestions would be greatly appreciated.
    Thanks
    Graeme

    My java source is as follows (its a modified example I found online)
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import com.sun.security.auth.callback.TextCallbackHandler;
    public class Main {
        public static void main(String[] args) {
        java.util.Properties p = new java.util.Properties(System.getProperties());
        p.setProperty("java.security.krb5.realm", "fsta.com");
        p.setProperty("java.security.krb5.kdc", "192.168.1.10");
        p.setProperty("java.security.auth.login.config", "C:\\jaas.conf");
        System.setProperties(p);
        // 1. Log in (to Kerberos)
        LoginContext lc = null;
        try {
                lc = new LoginContext("fsta", new TextCallbackHandler());
        // Attempt authentication
        lc.login();
        } catch (LoginException le) {
        System.err.println("Authentication attempt failed" + le);
        System.exit(-1);
        Subject subject = lc.getSubject();
        System.out.println(subject.toString());
        // 2. Perform JNDI work as logged in subject
        Subject.doAs(subject, new LDAPAction(args));
        // 3. Perform LDAP Action
        * The application must supply a PrivilegedAction that is to be run
        * inside a Subject.doAs() or Subject.doAsPrivileged().
        class LDAPAction implements java.security.PrivilegedAction {
        private String[] args;
        private static String[] sAttrIDs;
        private static String sUserAccount = new String("Administrator");
        public LDAPAction(String[] origArgs) {
        this.args = origArgs.clone();
        public Object run() {
        performLDAPOperation(args);
        return null;
        private static void performLDAPOperation(String[] args) {
        // Set up environment for creating initial context
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
        "com.sun.jndi.ldap.LdapCtxFactory");
        // Must use fully qualified hostname
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.10:389");
        // Request the use of the "GSSAPI" SASL mechanism
        // Authenticate by using already established Kerberos credentials
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
    //    env.put("javax.security.sasl.server.authentication", "true");
        try {
        /* Create initial context */
        DirContext ctx = new InitialDirContext(env);
        /* Get the attributes requested */
        //Create the search controls        
        SearchControls searchCtls = new SearchControls();
        //Specify the attributes to return
        String returnedAtts[]={"sn","givenName","mail"};
        searchCtls.setReturningAttributes(returnedAtts);
        //Specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        //specify the LDAP search filter
        String searchFilter = "(&(objectClass=user)(mail=*))";
        //Specify the Base for the search
        String searchBase = "DC=fsta,DC=com";
        //initialize counter to total the results
        int totalResults = 0;
        // Search for objects using the filter
        NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
        //Loop through the search results
        while (answer.hasMoreElements()) {
                SearchResult sr = (SearchResult)answer.next();
            totalResults++;
            System.out.println(">>>" + sr.getName());
            // Print out some of the attributes, catch the exception if the attributes have no values
            Attributes attrs = sr.getAttributes();
            if (attrs != null) {
                try {
                System.out.println("   surname: " + attrs.get("sn").get());
                System.out.println("   firstname: " + attrs.get("givenName").get());
                System.out.println("   mail: " + attrs.get("mail").get());
                catch (NullPointerException e)    {
                System.err.println("Error listing attributes: " + e);
        System.out.println("RABOTIII");
            System.out.println("Total results: " + totalResults);
        ctx.close();
        } catch (NamingException e) {
        e.printStackTrace();
    }Edited by: GraemeK on Jun 18, 2009 11:56 AM

  • Really need help: authenticating via iPlanet Directory LDAP

    ok. I've created my security realm provider with the iplanetAuthenticator. Now,
    how do I protect a directory in my ear file and how do I password protect a /servlet/
    that I have with a login and password? Do I need to modify my web.xml? If so,
    does anyone have any samples I can take a look at?
    The docs aren't also clear on the user I must setup in the ldap directory and
    how that works...Can someone help?

    the samples has a sample on how to setup security
    or you can use console to setup security on specific resources in your case
    urls.
    -kiran
    "Franko" <[email protected]> wrote in message
    news:3f79f5e1$[email protected]..
    >
    ok. I've created my security realm provider with the iplanetAuthenticator.Now,
    how do I protect a directory in my ear file and how do I password protecta /servlet/
    that I have with a login and password? Do I need to modify my web.xml? Ifso,
    does anyone have any samples I can take a look at?
    The docs aren't also clear on the user I must setup in the ldap directoryand
    how that works...Can someone help?

  • Kerberos authentication via Apache ...

    Hi all !
    we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;
    our internal and external users access the portal via the Apache reverse proxy;
    now we want to use kerberos to authenticate against J2EE of Portal;
    Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;
    but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;
    is there any solution ?
    the Apache reverse proxy should be the 'single point of contact' for portal access;
    Thanks
    Oliver

    to use the portal, all users ( internal or external ) have to use the URL to our apache reverse proxy; the URL is the same for internal or external users
    ==> http://portal.test.com;
    for the internal users, it would be nice if the apache reverse proxy could pass the kerberos ticket to the portal server so that the login page doesn't appear;
    how to ?
    Thanks
    Oliver

  • Windows Authentication on SP 14 Server

    Hi,
    i want to achieve Windows Authentication on SP 14 Server.
    which is the best way?
    Thanks in advance
    Regards,
    Bobu

    You can go for Kerberos Authentication. There are plenty of weblogs and forum discussions on this.
    Windows Integrated Authentication via Kerberos on an LDAP data source
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b69f6f89-0a01-0010-1198-ba7fff95a2ec
    Regards,
    Piyush
    ps: please award points if useful.

  • The kerberos PAC verification failure when all users of only one RODC Site, trying to get access iis webpage of different site using Integrated Windows Authentication

    The kerberos PAC verification failure when all users of only one Site which having only one RODC server(A), trying to get access iis webpage of different site which having WDC server(B) using Integrated Windows Authentication. But when they accessing the
    website using IP address, it is not asking for credentials as I think it is using NTLM Authentication at that time which is less secure than Kerberos.
    Note that:- All user accounts and Computers of the RODC has been allowed cache password on the RODC. Nearest WDC for the RODC (A) is the WDC (B).
    The website is hosted on a windows server 2003 R2 and generating below system event log for those users of the RODC site :-
    Event Type: Error
    Event Source: Kerberos
    Event Category: None
    Event ID: 7
    Date:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">date</var>
    Time:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">time</var>
    User: N/A
    Computer:
    <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name (the 2003 server)</var>
    Description: The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client<var style="color:#333333;font-family:'Segoe
    UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name</var> in realm <var
    style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">realm_name</var> had
    a PAC which failed to verify or was modified. Contact your system administrator.
    This issue has been raised for last one week. Before that everything was fine. No Group Policy changed, Time also same.
    In this situation do I need to do Demotion of the RODC and re-promote it as RODC again  or is there any other troubleshooting to resolve it.
    Thanks in Advanced
    Souvik

     Hi Amy,
    Thanks for your response
    I noticed that Logon server could become incorrect again after user re-login or restart of a workstation.
    It seems root cause is different.  Need a permanent solution.
    The Workstations of the RODC site are getting IP from a DHCP server by automatic distribution of IP from a specific subnet for the site only.  The RODC is
    the Primary DNS server for the site.
    I have checked the subnet and it is properly bound with only with that AD site. The group of users and workstations are in the same site AD organisational Unit.
    Sometime I restarted the NET LOGON service and DNS server service on ther RODC server and sometime rebooted the server. But the Logon server issue has not fixed permanently.
    The internal network bandwidth of the site is better than the bandwidth to communicate with other site.  
    The server is Windows server 2008 R2 standard and hosting the below roles
    RODC
    DNS
    File server
    The server performance is Healthy in core times when maximum users usually logins. 
    Any further support would be much appreciated Amy
    Thanks
    Souvik

  • NAC authentication via Windows AD

    Hi,
    we have a Nac enviroment with users that are defined on the ACS. Also the groups are defined on this machine.
    The problem is that we have to move all the users from the ACS to the domain controller, so all the users will become AD users.
    In which way we have to configure the NAC enviroment to permit the authentication via Active Directory instead of Radius that runs on the ACS?
    Thanks a lot!
    Leonardo

    You have to create a map rule if you have two or
    more Roles authenticating in the same LDAP Auth Server
    and not if you have two or more auth servers
    If the users authenticating today in Radius Server ACS is associated with a single Role XYZ, then you can configure the LDAP Server linking users to the same Role XYZ.
    You will have two providers for the same Role.

  • Windows AD with Kerberos authentication not supported for NW AS JAVA 7.1

    The Admin guide for BO 3.1 states that Windows AD with Kerberos authentication is not supported on NetWeaver AS.
    Can anybody suggest & confirm on this???

    I know we haven't been receiving cases for it, but I think in theory it should work fine. BO doesn't really care what web/app kerberos comes from as the manual authentication uses the java SDK (i.e tomcat 5.5 would use Sun JDK 1.5), and SSO kerberos (vintela) uses 3rd party libraries. It's possible our 3rd party libraries may not support netweaver yet. If I hear anything else I'll post.
    Regards,
    Tim

  • Windows Authentication Kerberos - Logon with different windows user

    I've successfully set up Windows Integrated Authentication/SPNego/Kerberos logon on my portal.  Now when I launch the portal from a workstation I am logged on automatically with my Windows userid without needed to provided userid and password again - very happy!
    When I press logoff the portal returns to the logon screen, sees that I've got a kerberos ticket, and logs me straight back on!  Not happy!
    As an administrator or as a super user, it is sometimes necessary to log on with an administrative userid or to visit an end user and log on as myself on their workstation.  Therefore, I need a mechanism to override the automatic logon and force a basic password prompt screen.
    As I understand it I can achieve this by creating a special iView with its own authscheme which does not use SPNego.  I could either point the logoff redirect url setting to this iView or I could simply enter the quicklink for the iView in the browser.  Will this circumvent the automatic logon and, if so, is there anything special I need to do to achieve this?
    I had hoped to use the standard logon screen as the iView.  I've got that stored in a par file (along with my corporate icons and a link to local help files).  I uploaded the par file through system administration - support - portal runtime - administration console and thought I might be able to see that when I created a portal component iView but it's not visible.  Should it be?

    When I need to logon as a test user, I find it easier to disable the integrated Windows authentication in the browser. You can do that in the menus, but I change the registry. Create two text files (e.g., DisableKerb.reg and EnableKerb.reg)
    Disable.reg:
    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "EnableNegotiate"=dword:00000000
    Enable.reg:
    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "EnableNegotiate"=dword:00000001
    Then just double-click to change your authentication mechanism.
    Regards,
    Sean

  • How can I set up ssh via kerberos on MacOS 10.5 (Leopard)?

    I am the de facto mac sysadmin for a few mac labs on a campus that is primarily Windows-using, and we have the Macs configured to do single sign-on via Kerberos and get their directory info via LDAP and home directories via NFS. This works fine for someone physically sitting at the machine, but I am running into a brick wall when it comes to sshing into these machines. ssh itself definitely works: I can ssh into the machine with a local user and password. And as I said, the kerberized login works fine from console. It's just getting the two to talk to each other.... Furthermore, there is a Linux box that we can successfully log into via kerberos/sso, so it's unlikely to be anything on the client side.
    Things I've tried:
    * Editing /etc/authorization and changing "authinternal" under system.login.tty to "builtin:krb5authnoverify,privileged" (I think this used to work; the same change to system.login.console is definitely what makes the console logins work)
    * Editing /etc/sshd_config and setting "GSSAPIAuthentication yes" (this makes it match the sshd_config on the linux box we can log in to)
    * In the same file, turning on "KerberosAuthentication" and friends (just because it looked promising)
    Any ideas?

    It's not completely obvious. What you have to do in Spaces is to position your cursor to the upper right of the screen, after which faint + (plus) sign appears in that area. Click that, upon which another Desktop will appear.
    The + may be difficult or impossible to see with some desktop backgrounds (black, for instance):

  • Windows Authenticated User Login

    Hi All,
    Does anybody know if there are plans to incorporate Windows Authenticated Login to SAP Business One in the future?
    We have many customers who ask this question - why should people have to remember a windows login AND one to B1?
    If this is not yet planned for release, could you please consider it?
    Many thanks
    Mark

    Hi Vikas
    As Patrick mentioned, there is no native support built into the ABAP AS for LDAP authentication via SAPGUI.
    As an option and If you have SAP Identity Management you could look at deploying the password hook, this provides an enterprise password of same password approach. Hence end users can enter their MSAD password to gain access to SAP via SAPGUI - it works well.
    SAP Identity Management : Password Hook Configuration Guide
    http://scn.sap.com/docs/DOC-17112
    The SAP NetWeaver Identity Management Password Hook is a password hook DLL that can be installed on the Microsoft domain controller(s) in the password verification chain. The hook intercepts password changes in the Microsoft domain and distributes it to other applications using the SAP NetWeaver Identity Management Identity Center.
    Hope it helps.
    Rgrds
    Craig

Maybe you are looking for

  • Plant as a Dealer

    Hi Experts, Could you some guide me about the scenarios when Plant woul d hold the Excise Resistration as Dealer. 1.Import Purchase in Plant (Dealer) - How to pass on CVD to customer while selling those import Product. Is there any need to introduce

  • Asset Reconciliation Account

    Hello Experts- I fell in a tricky situation at my work place. We have an asset reconciliation account which has a balance but, this balance does not correspond to any asset. When SAP Fixed assets was implemented here, they had a balance for this acco

  • How can I change the proportional font in Firefox?

    I prefer helvetica font, so I have changed the fonts for webpages in Firefox settings to it (changed all fonts to helvetica, unchecked "Allow pages to choose their own fonts, instead of my selections above"). However, some webpages still display in w

  • Purchasing contracts

    hi , i am using the message type BLAORD in my LSMW object for Purchasing contracts. I am facing this problem of clearing of the field ZTERM (Payment Term). The value for this field is being populated by the IDOC and also posted in the field, but once

  • Resource Loading in P6 V.8

    Hi Is there any way to load the resources in WBS level and will be distributed to the activities based duration?