Since SP1 it is promised that we can use SSO in an AD-only environment for POA on Linux as well.

I was waiting for that for a long time and so tried to set it up as described here (SLES11 SP4):


I followed the documentation step by step, but without success; my GW client still wants a password.

Some points are described a little unclearly for me ("Make sure that all krb5 rpms are installed on the server." Really all? There are some server krb5s, do I need them as well? Or: "Configure Kerberos by editing the /etc/krb5.conf file using the documentation for your version of SLES" and a link to SLES11 (in my case) with a lot of text. An example for a GroupWise system would be nice.)

I could successfully add the POA server (which is my only GW server) to the Windows domain. I could add GroupWise to the keytab file with "net ads keytab add groupwise -U administrator" (had to use the command with "-U administrator"!).

There are no log entries in /var/log/krb5. But I can find a log entry in the POA log, which points to an error with the token: "ERROR The authenticaton token is corrupt, malformed or otherwise invalid [D090] in _WpeGssAcceptContext (The routine completed sucessfully/No errorInvalid token was supplied/No error)"

Does anybody run that in his/her environment successfully? How can I troubleshoot?