I try to setup a cas server with spnego but without NTLM.

So I configured the SPNEGO authentication handler bean in this way :

             <bean 
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
                    <property name="authentication">
                        <bean class="jcifs.spnego.Authentication" />
                    </property>
                    <property name="principalWithDomainName" value="false" />
                    <property name="NTLMallowed" value="false"/>
                </bean>
...
    <bean name="jcifsConfig" 
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
        <property name="jcifsServicePrincipal" value="HTTP/..." />
        <property name="kerberosDebug" value="false" />
        <property name="kerberosConf" value=".../krb5.conf" />
        <property name="loginConf" value=".../login.conf" />
    </bean>


But if I look at my catalina.out log :

jcifs.spnego.AuthenticationException: Error performing NTLM authentication: 
jcifs.smb.SmbException
jcifs.util.transport.TransportException
java.net.ConnectException: Connection refused
...
        at jcifs.spnego.Authentication.processNtlm(Authentication.java:309)
        at jcifs.spnego.Authentication.processSpnego(Authentication.java:337)

And indeed I see a tcp connection on localhost.

It more a nuisance than a real problem, but I like to keep log clean.

How can I totally disable NTLM but keep SPNEGO ?

I'm using CAS 3.5.2 and cas-server-support-spnego 3.5.3-SNAPSHOT as I need the 
mixedModeAuthentication.
-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to