If you are going to do Active Directory authentication via Kerberos, you will need to configure CAS to use the JaasAuthenticationHandler, which takes a JAAS configuration file passed into Tomcat via the -Djava.security.auth.config property along with your Kerberos configuration via the -Djava.security.krb5.conf property.
DISCLAIMER: Before I show you some sample files, a word of warning: in pre-Java 6.06, there was a bug in the Kerberos login module such that memory was not being deallocated appropriately and resulted in Java crashing due to running out of memory over time. For more information, check out the following links: http://www.nabble.com/trying-to-track-down-jaas-memory-leak-to15194118.h tml#a15235357 http://bugs.sun.com/view_bug.do?bug_id=6578538 Here are sample files: JAAS.conf ======================== /** * Login Configuration for JAAS. * * Specify that Kerberos v5 is a required login module */ CAS { com.sun.security.auth.module.Krb5LoginModule required client=TRUE debug=FALSE useTicketCache=FALSE; }; ======================== Tomcat arguments for JAAS configuration ======================== -Djava.security.auth.login.config=/usr/local/tomcat/conf/jaas.conf \ -Djava.security.krb5.conf=/etc/krb5.conf \ ======================== Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University <http://www.lsu.edu/> Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Dcunha Sent: Friday, June 20, 2008 11:53 AM To: [email protected] Subject: Re: SSO using CAS with AD and Kerberos Hi, My primary reason using that was as i was investigating CAS, I found out that the old versions used Ant Deployment and the new one uses Maven. I have no experience in Maven and wanted to see if the ant deployment based CAS server 2.0 would work fine with our product. Our webapplication runs on jdk 1.4.2_08 and we still have to upgrade the java version. Would the latest release of cas server 3.2.1 work on a jdk 1.4.2? Thanks for directing me towards the wiki page link. My next step would be to check if cas server 3.2.1 would work along with our webapp on jdk1.4.2 -- Regards James Dcunha
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
