Proxy and GUI Authentication with Auth-Service
The initial Kron PAM installation includes the TACACS+ configuration. If there is a need for LDAP user authentication with the Kron PAM GUI, LDAP needs to be configured on the TACACS+ Management page.
To use auth-service instead, add LDAP configurations on the LDAP Manager page, as described in Quick LDAP/AD Integration.
For Tomcat configuration:
- Open and edit the file /u01/netright-tomcat/netright/netright.properties. Change the line below and add a new property as follows:
netright.auth.tacacs=true change to: netright.auth.tacacs=false add parameters: netright.auth.auth-service=true netright.auth.auth-service.base.url=http://127.0.0.1:8087 |
|---|
- Restart the Netright-Tomcat service with the following command: Systemctl restart netright-tomcat
If you receive the ERROR AuthService:109 error in the Catalina log, It means that the auth-service is not up and running.
- ERROR AuthService:109 - An exception occurred. Details: I/O error on POST request for "http://127.0.0.1:8087/authenticate/aioc": Connect to 127.0.0.1:8087 [/127.0.0.1] failed: Connection refused (Connection refused); nested exception is org.apache.http.conn.HttpHostConnectException: Connect to 127.0.0.1:8087 [/127.0.0.1] failed: Connection refused (Connection refused)
For SSH proxy configuration:
- Open and edit the file /u01/nssoapp/conf/nsso.properties. Change the line below and add a new property as follows:
nsso.auth.type=tacacs change to: nsso.auth.type=auth-service add parameter: nsso.authservice.server=http://127.0.0.1:8087 |
|---|
- Restart the SSH proxy service with the following command line: Systemctl restart nssoapp
For SSH proxy configuration:
- Open and edit the file, /u01/sftp-proxy/conf/nsso.properties. Change the line below and add a new property as follows:
nsso.auth.type=tacacs change to: nsso.auth.type=auth-service add parameter: nsso.authservice.server=http://127.0.0.1:8087 |
|---|
- Restart the SFTP proxy service with the following command line: Systemctl restart sftp_prox

For HTTP proxy configuration:
- Open and edit the file /u01/http-proxy/conf/ http_proxy.properties. Change the line below and add a new property as follows:
http.proxy.auth.type=tacacs change to: http.proxy.auth.type=auth-service add parameter: nsso.authservice.server=http://127.0.0.1:8087 |
|---|
- Restart the sftp proxy service: Systemctl restart http_prox