hi bernard, yes you need to install the following packages on the server where CAS is deployed : - apt-get install krb5-clients - apt-get install krb5-user - apt-get install libsasl2-modules-gssapi-mit after that, you'll find in /etc the krb5.conf file, you must change it and put your parameters. On your Active directory, use JDK 1.6.18 or higher to create your keytab : - ktab -k PORTAILAPHM.keytab -a HTTP/[email protected] after that, execute the followind commande on your AD : - Setspn -A HTTP/FQDN_Machine_Unix USER_AD In your login.conf, you must add the following lignes : ---------------------- com.sun.security.jgss.krb5.accept { com.sun.security.auth.module.Krb5LoginModule required principal="HTTP/your_...@your_domain.net" useKeyTab=true debug=true keyTab="/etc/your_Keytab.keytab" storeKey=true useTicketCache=false; }; -------------------- add the following jvm-option on your application server : --------------------------- -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.krb5.conf=/etc/krb5.conf -Dsun.security.krb5.debug=true -Djava.security.krb5.kdc=NOM_DC_AD -Djava.security.krb5.realm=DOMAIN.NET -Ddk.itp.debug=true -Dsun.security.jgss.debug=true ------------------------------
hope that will hepl you. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
