Apache SSO

First, create the AD service account (`zammad`, the account that `/mapuser` refers to below).

In an elevated (Run as administrator) PowerShell session, run:

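# Generate the keytab for the HTTP service principal on the domain controller.
# "/pass *" prompts for the account password instead of passing it on the
# command line, where it would be recorded in PowerShell history and visible
# to other users in process listings. -SetPass leaves the account password
# unchanged, so the value entered must match the zammad account's current one.
ktpass /princ HTTP/ticket.mabnaco.local@MABNACO.LOCAL /mapuser zammad /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass * -SetPass +DumpSalt /target pdc01.mabnaco.local /out zammad.keytab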

Successfully mapped HTTP/ticket.mabnaco.local to zammad. Building salt with principalname HTTP/ticket.mabnaco.local and domain MABNACO.LOCAL (encryption type 18)... Hashing password with salt "MABNACO.LOCALHTTPticket.mabnaco.local". Key created. Output keytab to zammad.keytab: Keytab version: 0x502 keysize 90 HTTP/ticket.mabnaco.local@MABNACO.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 9 etype 0x12 (AES256-SHA1) keylength 32 (0x539a24f8627ff3e7c95c015f5548c24e65a77369f20f6eca97dfc2c88bace3d8)

Copy the zammad.keytab file to the Apache host and restrict its ownership and permissions as shown below; the keytab (and the key that the `+DumpSalt` output above prints) is secret key material equivalent to the service account's password.

# The keytab must be readable only by the Apache worker user (www-data on Debian/Ubuntu):
# owner read-only, nothing for group or others (same as mode 400).
chown www-data:www-data /etc/apache2/zammad.keytab
chmod u=r,go= /etc/apache2/zammad.keytab
#
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#

# security - prevent information disclosure about server version:
# "Prod" reduces the Server response header to just "Apache" (no version or module list)
ServerTokens Prod

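# Plain-HTTP listener: every request is sent to the TLS virtual host below.
<VirtualHost *:80>
    ServerName ticket.mabnaco.local
    # 301 instead of the default 302 so browsers cache the upgrade and skip
    # the plaintext hop on later visits.
    Redirect permanent / https://ticket.mabnaco.local/
</VirtualHost>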

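<VirtualHost *:443>
    SSLEngine on
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); re-enable them only for
    # clients that cannot negotiate TLS 1.2 or newer.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/ssl/zammad.cer
    SSLCertificateKeyFile /etc/ssl/zammad.key
#    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName ticket.mabnaco.local

    ## don't lose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    # Always strip a client-supplied X-Forwarded-User. The SSO location below
    # sets this header from the Kerberos REMOTE_USER, so nothing a client sends
    # in it may reach the backend. mod_headers applies parent-level
    # RequestHeader directives before per-location ones, so the "set" inside
    # <LocationMatch "/auth/sso"> still takes effect after this unset.
    RequestHeader unset X-Forwarded-User

    # Use settings below if proxying does not work and you receive HTTP-Error 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
        Require all granted
    </Directory>

    # Kerberos (SPNEGO) single sign-on is enforced only on Zammad's SSO endpoint.
    <LocationMatch "/auth/sso">
        # SSLRequireSSL is redundant inside a *:443 host and stays disabled.
        AuthType Kerberos
        AuthName "Your Zammad"
        KrbMethodNegotiate On
        # Fallback to HTTP Basic (password verified against the KDC) when the
        # client cannot do Negotiate; set Off to accept Kerberos tickets only.
        KrbMethodK5Passwd On
        KrbAuthRealms MABNACO.LOCAL
        # Strips the @REALM suffix from REMOTE_USER. Apache does not allow a
        # trailing comment on a directive line (it is parsed as an extra
        # argument and fails the config check), so this note stays above it.
        KrbLocalUserMapping on
        KrbServiceName HTTP/ticket.mabnaco.local
        Krb5KeyTab /etc/apache2/zammad.keytab
        Require valid-user

        # Look ahead to the authenticated user, export it as RU, and hand it
        # to Zammad only when authentication actually populated it (env=RU).
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1,NS]
        RequestHeader set X-Forwarded-User "%{RU}e" env=RU
    </LocationMatch>

</VirtualHost>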
