Sol, CAS can be configured to use JAAS (Java Authentication Authorization Service) which can be configured to use Kerberos authentication. However, Kerberos tickets would be used strictly to authenticate users with the backend Kerberos server. CAS still uses its own tickets, which is very Kerberos like. I am not too familiar with it, but it is also possible use the SPNEGO support in CAS 3 to perform Kerberos or NTLM authentication.
For more information, check out the CAS User Manual on JAAS (http://www.ja-sig.org/wiki/display/CASUM/JAAS) or SPNEGO (http://www.ja-sig.org/wiki/display/CASUM/SPNEGO) HTH, A- On 2/11/09 7:30 AM, "sol myr" <[email protected]> wrote: > Hi, > > We are evaluation CAS. > Our security guys require Kerberos authentication (note: all our machines are > Windows, servers and clients alike). Now we were wondering: how does CAS > support Kerberos, exactly? In particular : > > Is it possible/customary to configure CAS to use Kerberos tickets *instead* of > CAS tickets? Or is it Kerberos tickets *in addition* to CAS tickets (so that > the client first obtains a kerberos ticket, which CAS-server validates and > then issues a CAS TGC )? > > Thanks very much. > > > > -- Andrew Feller, Analyst LSU University Information Services 200 Frey Computing Services Center Baton Rouge, LA 70803 Office: 225.578.3737 Fax: 225.578.6400 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
