SPNEGO: How to use keytab instead of creating TGT afresh.

Mon, 29 Oct 2007 07:15:05 -0800 

Hi cas:

How can I make use of existing keytab file ? Is there a way I can 
introduce keytab in jcifsconfig, and force it to use keytab?

jcifsConfig contents:

        <bean name="jcifsConfig"
 
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
                <property name="jcifsServicePrincipal" 
value="HTTP/[EMAIL PROTECTED]" />
                <!-- property name="jcifsServicePassword" 
value="the.service.password.here" /-->
                <property name="kerberosDebug" value="true" />
                <property name="kerberosRealm" value="test.ADS.DB.COM" />
                <property name="kerberosKdc" value="ma.test.ADS.DB.COM" />
                <property name="loginConf" value="/WEB-INF/login.conf" />
        </bean>


My WEB-INF/login.conf contents:

jcifs.spnego.initiate {
        com.sun.security.auth.module.Krb5LoginModule 
        required
        debug=true
        useKeyTab=true
        keyTab="D:/Data/workspace/spg/spgtt/dev/conf/SPGTT-sp.keytab" 
        storeKey=false;
};
jcifs.spnego.accept {
        com.sun.security.auth.module.Krb5LoginModule 
        required
        debug=true
        useKeyTab=true
        keyTab="D:/Data/workspace/spg/spgtt/dev/conf/SPGTT-sp.keytab" 
        storeKey=false;
};

Despite mentioning keytab file, CAS tries to get TGT, how can i avoid 
that. [I'm able to use the same keytab file with vintela without error.]. 
Do we need some config in 

Error log:

2007-10-29 10:34:39,327 DEBUG 
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form 
object with name 'credentials' of type [class 
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in 
scope Flow
2007-10-29 10:34:39,327 DEBUG 
[org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create 
TicketGrantingTicket for natapre
2007-10-29 10:34:39,327 DEBUG 
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form 
object with name 'credentials' of type [class 
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in 
scope Flow
2007-10-29 10:34:39,327 DEBUG 
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor 
registrar set, no custom editors to register
2007-10-29 10:34:39,327 DEBUG 
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 
'AuthenticationViaFormAction' completed execution; result is 'error'

cheers
Prem


---

This e-mail may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this e-mail in error) 
please notify the sender immediately and destroy this e-mail. Any 
unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to