I try to setup a cas server with spnego but without NTLM.
So I configured the SPNEGO authentication handler bean in this way :
<bean
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
<property name="authentication">
<bean class="jcifs.spnego.Authentication" />
</property>
<property name="principalWithDomainName" value="false" />
<property name="NTLMallowed" value="false"/>
</bean>
...
<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
<property name="jcifsServicePrincipal" value="HTTP/..." />
<property name="kerberosDebug" value="false" />
<property name="kerberosConf" value=".../krb5.conf" />
<property name="loginConf" value=".../login.conf" />
</bean>
But if I look at my catalina.out log :
jcifs.spnego.AuthenticationException: Error performing NTLM authentication:
jcifs.smb.SmbException
jcifs.util.transport.TransportException
java.net.ConnectException: Connection refused
...
at jcifs.spnego.Authentication.processNtlm(Authentication.java:309)
at jcifs.spnego.Authentication.processSpnego(Authentication.java:337)
And indeed I see a tcp connection on localhost.
It more a nuisance than a real problem, but I like to keep log clean.
How can I totally disable NTLM but keep SPNEGO ?
I'm using CAS 3.5.2 and cas-server-support-spnego 3.5.3-SNAPSHOT as I need the
mixedModeAuthentication.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
