Hello. I progress: I resolve all my spnego problems!! Now I return to cas configuration.
I always have this warning: [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - found login config in system property, may overide : C:\KerberosConf\login.conf I tried your option Pavel (in catalina.bat, I define again JAVA_OPTS with -Djava.security.auth.login.config=C:\KerberosConf\login.conf) but no change. Did I put this option in the wrong place? I think my deployerConfigContext.xml is wrong, particularily the jcifsConfig bean: <property name="jcifsServicePrincipal" value="HTTP/[email protected]" /> <property name="jcifsServicePassword" value="PASSWORD" /> <property name="kerberosDebug" value="true" /> <property name="kerberosRealm" value="ENM.JUSTICE.FR" /> <property name="kerberosKdc" value="kirk.enm.justice.fr" /> <property name="loginConf" value="C:/KerberosConf/login.conf" /> Where PASSWORD is the password of the user (ADLecteur) who creates the keytab. kirk.enm.justice.fr is the name of my server, ENM.JUSTICE.FR is my domain. When I do ktab -l -k adlecteur.keytab : C:\KerberosConf>ktab -l -k adlecteur.keytab Keytab name: C:\KerberosConf\adlecteur.keytab KVNO Principal --------------------------------- 1 [email protected] 1 [email protected] 1 [email protected] 1 [email protected] 1 [email protected] When I do setspn -L ADLecteur : C:\KerberosConf>setspn -L ADLecteur Registered ServicePrincipalNames for CN=ADLecteur,OU=administration,OU=Informatique,OU=Bordeaux,DC=enm,DC=justice,DC=fr: HTTP/localhost HTTP/kirk.enm.justice.fr HTTP/kirk Tomcat's url is: http://kirk:8080/ CAS's url is: http://kirk:8080/cas I put krb5.ini in C:\Windows and my login.conf is in C:\KerberosConf I have the same error as previoulsy: [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown How to chose the spnego module? Regards, Romain -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
