Céline AUSSOURD wrote: >>>>> What's your setting of principalWithDomainName (property of >>>>> JCIFSSpnegoAuthenticationHandler)? >>>> >>> It's "true". That's why "MC\" appears in the user name. >>>> What's your setting of NTLMallowed (property of >>>> JCIFSSpnegoAuthenticationHandler)? >>>> >>> It's "true". If I set to "false", the authentication doesn't work. >> Then you don't authenticate with Kerberos. NTLM is used. That leads to >> the name form NETBIOSDOMAIN/sAMAccountName. > > How can I authenticate with Kerberos ? It seems that my client only send NTLM > tokens.
Did you follow all the Kerberos-related instructions on http://www.ja-sig.org/wiki/display/CASUM/SPNEGO ? Are you using MS AD? Which version? >>>> If you want to allow SPNEGO with NTLM you could try to map the principal >>>> name to userPrincipalName like described here: >>>> http://www.ja-sig.org/wiki/display/CASUM/Attributes >>>> >>> Thanks for the idea. I'm trying. >> Maybe set principalWithDomainName to false and search via LDAP for >> (sAMAccountName=%u). >> [...] >> You have to add the CredentialsToLDAPAttributePrincipalResolver. >> [...] >> Why do you want to change the login flow? > > I followed your advice (I modified /WEB-INF/deployerConfigContext.xml) but it > seems that the CredentialsToLDAPAttributePrincipalResolver isn't used. What does your configuration look like? (excerpts of deployerConfigContext.xml without real passwords!) Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
