Adam Rybicki wrote: > Michael Ströder wrote: >> Andrew Ralph Feller, afelle1 wrote: >> >>> Have you looked into using AD + Kerberos instead of AD + LDAP? We have >>> done AD + LDAP in the past and currently do AD + Kerberos due to our AD >>> administrators preferences; also it doesn’t require us to use a service >>> account. >>> >> IMO SPNEGO/Kerberos requires a service account for the CAS server. > > Andrew didn't say anything about using SPNEGO--just Kerberos > authentication to AD. In my experience this never required a special AD > account.
So I assume what's called "Kerberos authentication" in this context is mainly doing a kinit with username and password? But then you loose one of the main advantages of Kerberos: Not transmitting the user's clear-text password anywhere. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
