SSO with UCS & Kopano

I have installed the AD compatible domain controller. My computer could become a member of the domain.

But if I start the DeskApp and activate the logon with the Windows logon data there (use system logon data) I get an error.

“Single Sign On is not supported by the webserver. Please enter your username and password.”

I’ve been searching the web for hours now. I find a lot of basic information about LDAP, but no indication as to whether or how I can activate it in UCS.

Translated with

hi @bitboy0,

your webserver would need to have been configured to support login via Kerberos. This is explained in (and the chapters leading to it).

I installed libapache2-mod-auth-kerb

then I enter

chmod 400 /etc/httpd/keytab.apache
chown apache:apache /etc/httpd/keytab.apache

but there is no file like /etc/httpd/keytab.apache
and there is no user like “apache” … so I failed

Is there anything to do before that steps?
I’m not really Linux expert … I use the vmware-virtual machine as provided by UCS. So it is DEBIAN

The manual is not really meant as a copy & paste howto, so you’d still need to adapt paths (and if you scroll up in the documents it tells you how to generate the keytab.apache file).

1 Like

Just to understand: Do I have to create the keytab.apache on a Windows machine? I don’t have a Windows server anymore. Otherwise I can only use a Windows10 client.

No, this is generally also possible on a Linux machine (for example directly in the Univention host). see

as I just got a “popular link” notification on the link in my first reply. Meanwhile there is also the possibility to use OpenID Connect for SSO with Kopano WebApp, which does not rely on setting up Kerberos first.

Script for automated setup is located at

An important notice is though, that OIDC login is not supported by Kopano DeskApp however.