ACCESS DENIED (!read the rest of the text below!)
Note: Access to these pages is done through Kerberos. Your system and browser must be set up as described below.
Your access to either the Location 1 or Location 2 was denied (401). This can have several reasons:
- i. You do not have a valid kerberos ticket
- type kinit in a shell to get a ticket, verify with klist that your ticket is valid
- ii. Your web browser is not set up for single sign-on
- read the relevant documentation, then configure network.negotiate-auth.trusted-uris to .example.com. You do not need to configure delegation.
- iii. If you get your TGT after launching the browser
- please quit and restart your browser, some do not handle TGT acquired after browser launch.
- iv. you are not on the list of users granted access to the pages
- email your admin and ask for access, stating
- which department you work in
- which logs you need access to
- why you require access to the logs
the primary aim of the access control is to make sure that no person who should not
access these pages gets in. As such, I use a white-list, meaning you must explicitly
be listed to have access.
These pages do not, and will never, ask you to enter your kerberos
login/password. You should be wary of any pages that do. Single sign-on
means you kinit once a day and never enter your kerberos password after that.