HI! First, many thanks for providing CAS.
I'm testing CAS with SPNEGO and it works just fine following the docs on http://www.ja-sig.org/wiki/display/CASUM/SPNEGO But I have one question: Is it necessary to really have both a krb5.conf *and* the jcifsConfig? Or would it be possible to just use the jcifsConfig with the properties jcifsServicePrincipal and jcifsServicePassword? In this case the step with ktpass and transferring the keytab would also not be needed. And deployment would be much easier since I just would have to install a single .war file. Maybe the docs only mention /etc/krb5.conf for testing the configuration with the MIT utils? I temporarily removed /etc/krb5.conf and it seems to still work. But I'd be glad to get a definitive answer from somebody who really knows. Also, are there any security considerations when solely using the jcifsConfig? I thought about this myself but the Tomcat server would need read access to a server keytab anyway. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
