Hello,
I am trying to set up CAS to authenticate against Kerberos using the
JaasAuthenticationHandler, and it's not working. In my
deployerConfigContext.xml, I have the JaasAuthenticationHandler:
-----------
<bean
class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler"
/>
-----------
I also have my /etc/jaas.conf file:
-----------
CAS {
com.ibm.security.auth.module.Krb5LoginModule required debug=FALSE client=TRUE;
};
-----------
I have Java running and pointing to the proper conf file:
-----------
/usr/bin/java
-Djava.util.logging.config.file=/opt/springsource/tcServer-6.0/tomcat-6.0.20.C/conf/logging.properties
-Djava.util.logging.manager=com.springsource.tcserver.serviceability.logging.TcServerLogManager
-Djava.security.auth.login.config=/etc/jaas.conf
-Djavax.net.ssl.trustStore=/etc/tomcat.keystore
-Djava.security.krb5.conf=/etc/krb5.conf -Xmx512m -Xss192k
-Djava.endorsed.dirs=/opt/springsource/tcServer-6.0/tomcat-6.0.20.C/endorsed
-classpath
:/opt/springsource/tcServer-6.0/tomcat-6.0.20.C/bin/bootstrap.jar:/opt/springsource/tcServer-6.0/tomcat-6.0.20.C/bin/tomcat-juli.jar
-Dcatalina.base=/opt/springsource/tcServer-6.0/tomcat-6.0.20.C
-Dcatalina.home=/opt/springsource/tcServer-6.0/tomcat-6.0.20.C
-Djava.io.tmpdir=/opt/springsource/tcServer-6.0/tomcat-6.0.20.C/temp
org.apache.catalina.startup.Bootstrap start
-----------
(relevant parameters being -Djava.security.auth.login.config=/etc/jaas.conf
-Djavax.net.ssl.trustStore=/etc/tomcat.keystore
-Djava.security.krb5.conf=/etc/krb5.conf)
I know that Kerberos works fine and the /etc/krb5.conf is correct because I can
kinit from the console. I also have verified that the Kerberos server's
certificate is accepted by having the CA in the given trust store. The password
on the keystore is "changeit", and running keytool -list -keystore
/etc/tomcat.keystore results in:
-----------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mykey, Mar 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 4A:E4:36:BC:46:C3:D0:88:99:3D:44:0E:D3:5B:E9:A3
-----------
Any ideas what I'm missing or doing wrong would be greatly appreciated. This is
running on SpringSource tcServer right now, but it's essentially the same as
Tomcat, and I have the exact same issue on vanilla Tomcat.
------------------------------
Justin DeMaris
University of Connecticut
UITS - Middleware
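
An added example, not part of the original message and not CAS project code: a standalone check that drives the `CAS` entry of the jaas.conf shown above through the standard `javax.security.auth.login.LoginContext` API, so a failure in the JAAS/Kerberos layer can be separated from the CAS handler wiring. The class name `JaasLoginCheck` is hypothetical, and the program assumes it is started with the same JVM and the same `-Djava.security.auth.login.config` and `-Djava.security.krb5.conf` values as the Tomcat process.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical helper (not part of CAS). Run with the JVM that runs Tomcat:
//   java -Djava.security.auth.login.config=/etc/jaas.conf \
//        -Djava.security.krb5.conf=/etc/krb5.conf JaasLoginCheck <username>
public class JaasLoginCheck {
    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: JaasLoginCheck <username> (from a terminal)");
            System.exit(2);
        }
        final String user = args[0];
        // Read the password without echo; it is never taken from argv.
        final char[] password = console.readPassword("Password for %s: ", user);
        if (password == null) {
            System.exit(2);
        }
        // Answers the name/password callbacks issued by the login module.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        try {
            // "CAS" is the entry name used in the jaas.conf above.
            LoginContext lc = new LoginContext("CAS", handler);
            lc.login();
            System.out.println("Login OK: " + lc.getSubject().getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            // The exception text shows which stage failed (config lookup, KDC, credentials).
            e.printStackTrace();
            System.exit(1);
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
    }
}
```

Temporarily setting `debug=TRUE` in the `CAS` entry while running this makes the login module print its own trace alongside the exception.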