Bornil Bruno bb (DBB) wrote:
> Hello,
>
>
> I'm a Business Intelligence consultant working on Business Objects
> products and the last one: BusinessObjects Enterprise XI Release 2 (BOE
> XI-R2).
> The BOE XI-R2 product allows setting up Active Directory, LDAP and NT
> authentication mechanisms (and also additionally SSO).
> I have to set up Single Sign On on BOE XI-R2 products and I did it
> successfully several times (on LDAP, AD and NT).
>
> On a specific project, the SSO (using Kerberos with Active Directory)
> does not work and we have difficulty identifying why it is not
> working...
>
> The Kerberos authentication is done through a JVM (1.4.2) and we can
> test it using the "kinit" utility. We set up the krb5.ini and all files
> correctly.
> Here is the content of the krb5.ini file:
> [logging]
> default = CONSOLE
> kdc = CONSOLE
> admin_server = CONSOLE
>
> [libdefaults]
> default_realm = DBB.INT.DEXWIRED.NET
> dns_lookup_kdc = true
> dns_lookup_realm = true
> kdc_timeout = 30000
>
> [realms]
> DBB.INT.DEXWIRED.NET = {
>     kdc = DLU0SINF001P.DBB.INT.DEXWIRED.NET
>     default_domain = DBB.INT.DEXWIRED.NET
> }
>
> Note: We tried to use logging with this syntax: default =
> FILE:C:/WINNT/default.log, but no logs were generated! And CONSOLE
> outputs nothing on Windows.
>


This is a system directory so you need to make sure the account that's
running this has write access to that directory. A better strategy is to
create a different directory like C:\Kerberos and set the permissions on
that directory to allow the application to write there. You really
shouldn't be writing to WINNT at all.

Danny
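
The approach suggested in the reply above, sketched for a current Windows host as an added example that is not part of the original thread: create the dedicated directory, grant only Modify to the account that runs the JVM, then review who can write there. The account name is a hypothetical placeholder; `C:\Kerberos` is the directory named in the reply.

```powershell
# Added example, not from the original thread.
# Assumption: $Account is a placeholder; use the account that runs the JVM.
$LogDir  = 'C:\Kerberos'
$Account = 'DOMAIN\svc-placeholder'

# Create the dedicated log directory instead of writing under C:\WINNT.
if (-not (Test-Path -LiteralPath $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir | Out-Null
}

# Grant Modify, inherited by files (OI) and subfolders (CI).
# Modify is enough to create and append to log files; Full Control is not needed.
icacls $LogDir /grant "${Account}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Review the result: list every Allow entry that includes the right to write
# file data, so unexpected writers (for example a broad group inherited from
# the parent directory) are visible.
$writeData = [int][System.Security.AccessControl.FileSystemRights]::WriteData
(Get-Acl -LiteralPath $LogDir).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeData) -ne 0)
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# Write probe: run this part as the service account itself to confirm that
# the account can actually create a file in the directory.
$probe = Join-Path $LogDir ("probe-{0}.tmp" -f [guid]::NewGuid())
try {
    [System.IO.File]::WriteAllText($probe, 'probe')
    Remove-Item -LiteralPath $probe
    "write OK as $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
}
catch {
    "write FAILED: $($_.Exception.Message)"
}
```

The grant step needs an elevated session; the probe only proves access for the identity it runs under, so it says nothing about the service account unless run as that account.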