manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Libucha <mlibu...@gmail.com>
Subject Re: Kerberos warning
Date Wed, 06 Nov 2013 22:37:43 GMT
Thanks for finding this Karl. Adding this line to logging.ini indeed fixed
it:

log4j.logger.org.apache.http.client.protocol.RequestTargetAuthentication=ERROR,
MAIN

Mark


On Mon, Nov 4, 2013 at 5:43 PM, Karl Wright <daddywri@gmail.com> wrote:

> Here you go:
>
>
> http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201301.mbox/%3CA0632223C5686042AD41B9F46BAD76DB01092D2C5875@NDMSSCC08.ndc.nasa.gov%3E
>
> You'd want to set the logger change in the ManifoldCF logging.ini file.
>
> Karl
>
>
>
> On Mon, Nov 4, 2013 at 8:41 PM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Hi Mark,
>>
>> This warning comes from HttpComponents HttpClient.  It occurs because the
>> system you are communicating with has "negotiate" set.  It's therefore
>> trying first to find a Kerberos ticket, and failing that, falling back to
>> NTLM.
>>
>> There are two ways to fix this.  First is to find out how to disable the
>> warning in HttpClient.  Second is to change the configuration of the target
>> system's IIS from "Negotiate" to just plain "NTLM".  I wish I knew how to
>> do the former; I suspect there's a way to do if you just google the message.
>>
>> Karl
>>
>>
>>
>> On Mon, Nov 4, 2013 at 8:29 PM, Mark Libucha <mlibucha@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Anyway to eliminate this from my logs?
>>>
>>> NEGOTIATE authentication error: No valid credentials provided (Mechanism
>>> level: No valid credentials provided (Mechanism level: Failed to find any
>>> Kerberos tgt))
>>>
>>> I'm using an Active Directory authority with NTLM, which succeeds.
>>>
>>> Not a big deal, but it would cut down on the size of the logs if there
>>> was a way to specify not to try Kerberos? Is there?
>>>
>>> Thanks,
>>>
>>> Mark
>>>
>>>
>>
>

Mime
View raw message