Re:Re:Re: SSO using CAS with AD and Kerberos

Tue, 24 Jun 2008 19:09:03 -0700 

Hi,

Thanks for replying and helping me out. I finally got rid of the error by
adding the following lines listed below in my KerberosAuthHandler.java file

 System.setProperty("java.security.auth.login.config","C:/Program
Files/Apache Software Foundation/Tomcat 5.0/cas_jaas.conf");

 System.setProperty("java.security.krb5.conf","C:/Program Files/Apache
Software Foundation/Tomcat 5.0/krb5.conf");

I added the cas_jaas.conf and krb5.conf to the tomcat home directory and now
when I enter the Active Directory Credentials I get the following error:
"
Debug is  true storeKey false useTicketCache false useKeyTab false
doNotPrompt false ticketCache is null isInitiator true KeyTab is null
refreshKrb5Config is false principal is null tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
        [Krb5LoginModule] user entered username: james

principal is [EMAIL PROTECTED]
Acquire TGT using AS Exchange
        [Krb5LoginModule] authentication failed
Cannot get kdc for realm AD.COURSEWIZARD.COM
Authentication attempt failedjavax.security.auth.login.LoginException:
Cannot get kdc for realm AD.COURSEWIZARD.COM
"


I edited my krb5.conf with the change made to libdefaults, realm as shown
below:

#
#  All rights reserved.
#
# pragma ident    @(#)krb5.conf    1.1 00/12/08

[libdefaults]
        default_realm = AD.COURSEWIZARD.COM

        default_checksum = rsa-md5

# default_checksum = crc32

# yourdomaincontroller is the name of the domain controller / active
directory server acting as the KDC in your windows network

[realms]
        AD.COURSEWIZARD.COM = {
#                kdc = ad.ad.coursewizard.com
                        }

[domain_realm]
    .ad.coursewizard.com = AD.COURSEWIZARD.COM

[logging]
        default = CONSOLE
    kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

        period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

        versions = 10
    }

[appdefaults]
    gkadmin = {
                help_url = http://localhost:8888/ab2/coll.384.2/SEAM
    }
    kinit = {
        renewable = true
        forwardable= true
    }
    rlogin = {
        forwardable= true
    }
    rsh = {
        forwardable= true
    }
    telnet = {
            autologin = true
        forwardable= true
    }


It would really help if someone could give me some direction on how to get
this authentication exception resolved.

Regards
James

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to