Hi, You may be running into previously discussed entropy issues because the Apache Portable Runtime included with most distributions uses a blocking source of entropy in order to generate random bytes. You can see if this is the case by running a command like:
watch -n 0 cat /proc/sys/kernel/random/entropy_avail If that number drops to 0 or thereabouts while you are waiting for the page to appear, you may want to look at installing a package like rng-tools to use /dev/urandom to feed /dev/random. See the README under the 'Known Limitations' section. Hope this helps, -Phil On Sat, Oct 25, 2008 at 8:08 AM, lobatt <[EMAIL PROTECTED]> wrote: > Problem Solved...partially... > I turned CASDebug On, then I found that cas can write to /tmp/cas, so I > changed the permission of /tmp/cas, and the system runs fine. > > But will one additional question, after I login, I have to wait a long period > of time (more than 10 second) to see the targeting page. I thought CAS will > faster than Shibboleth, and I am thinking integrate CAS as local sso provider > with Shibboleth as cross-domain sso provider to enhance the performance. > Does anyone every do the performance comparison between CAS and Shibboleth? > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Matthew > J. > Sent: Friday, October 24, 2008 8:22 PM > To: Yale CAS mailing list > Subject: Re: 答复: 答复: 答复: MOD_AUTH_CAS: Could not perform SSL handshake > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The certs all match up here. How did you generate this certificate? > > Could you try adding "CASValidateServer Off" to your configuration, and > see if everything works that way? Note that this should not be used in > production, but only for debugging. > > - -Matt > > lobatt wrote: >> Thank you, Matt. I checked my httpd.conf and ssl.conf: >> [EMAIL PROTECTED] conf]# cat ssl.conf |grep SSLCertificateFile >> SSLCertificateFile >> /home/ncpku/common/httpd-2.0.59/conf/sp.permis.pku.edu.cn.crt >> [EMAIL PROTECTED] conf]# cat httpd.conf |grep CASCertificatePath >> CASCertificatePath >> /home/ncpku/common/httpd-2.0.59/conf/sp.permis.pku.edu.cn.crt >> >> It looks they are using the same file, so I ran the command you gave to me, >> and here is the output, sorry to bother again. >> >> [EMAIL PROTECTED] conf]# openssl x509 -in sp.permis.pku.edu.cn.crt -noout >> -subject -issuer -modulus -serial >> subject= /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >> issuer= /C=CN/ST=Beijing/L=Beijing/O=PKU6/OU=Computer >> Center/CN=InterI_CA/[EMAIL PROTECTED] >> Modulus=AFD8D77ECAB4EC2FBF3A05DAFC45B9CF390FEAA41AE380AB87A0F9DC053D2072BED92A70EF8C439B1CF2879378E32DB0E3181B73EFFF302DEEEBA458FE08EDFC07214F50529CB8EF6503DCB7387532586EB6E723BA95E14DDDEC297C88428FFB9B453FFF091E8B4E98A3D747FAECB734436221977D139F4EA266C45DFEB0AAB0DBB02C8606B861BA64568B4DE329F629C58627D425D31863017808E5F5D6BEE0B97541382A4E5DB6473CC3C15DB208D4962E22897387932A07A1AB132825A2EB116F6D26A4CE36A60AC3A1B31E7DB4D402EAB9B067109DE3BBAA859A611D41671B5E2F2F53A061E8E002F90CBDA58F9BF868A1B2483ACF6F3A9B037AC2A8D7A3 >> serial=13 >> [EMAIL PROTECTED] conf]# openssl s_client -connect sp.permis.pku.edu.cn:443 >> | openssl x509 -noout -subject -issuer -modulus -serial >> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >> verify error:num=20:unable to get local issuer certificate >> verify return:1 >> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >> verify error:num=27:certificate not trusted >> verify return:1 >> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >> verify error:num=21:unable to verify the first certificate >> verify return:1 >> subject= /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >> issuer= /C=CN/ST=Beijing/L=Beijing/O=PKU6/OU=Computer >> Center/CN=InterI_CA/[EMAIL PROTECTED] >> Modulus=AFD8D77ECAB4EC2FBF3A05DAFC45B9CF390FEAA41AE380AB87A0F9DC053D2072BED92A70EF8C439B1CF2879378E32DB0E3181B73EFFF302DEEEBA458FE08EDFC07214F50529CB8EF6503DCB7387532586EB6E723BA95E14DDDEC297C88428FFB9B453FFF091E8B4E98A3D747FAECB734436221977D139F4EA266C45DFEB0AAB0DBB02C8606B861BA64568B4DE329F629C58627D425D31863017808E5F5D6BEE0B97541382A4E5DB6473CC3C15DB208D4962E22897387932A07A1AB132825A2EB116F6D26A4CE36A60AC3A1B31E7DB4D402EAB9B067109DE3BBAA859A611D41671B5E2F2F53A061E8E002F90CBDA58F9BF868A1B2483ACF6F3A9B037AC2A8D7A3 >> serial=13 >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, >> Matthew J. >> Sent: Thursday, October 23, 2008 10:31 PM >> To: Yale CAS mailing list >> Subject: Re: 答复: 答复: 答复: MOD_AUTH_CAS: Could not perform SSL handshake >> >> That output appears to indicate that the cert you specified in the >> CASCertificatePath (and the CAFile parameter of the openssl command we >> just ran) does not match nor sign the cert being used by Apache (in the >> SSLCertificateFile param). >> >> Can you run the following two commands and send the output: >> >> openssl x509 -in /etc/ssl/certs/uconnca.crt -noout -subject -issuer >> -modulus -serial >> >> >> openssl s_client -connect sp.permis.pku.edu.cn:443 | openssl x509 >> -noout -subject -issuer -modulus -serial >> >> >> -Matt >> >> lobatt wrote: >>> CONNECTED(00000003) >>> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >>> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >>> verify error:num=20:unable to get local issuer certificate >>> verify return:1 >>> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >>> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >>> verify error:num=27:certificate not trusted >>> verify return:1 >>> depth=0 /C=CN/ST=Beijing/L=Beijing/O=PERMIS, Peking Univ./OU=Computer >>> Center/CN=sp.permis.pku.edu.cn/[EMAIL PROTECTED] >>> verify error:num=21:unable to verify the first certificate >>> verify return:1 >> >>> I am totally a dumb to certificates. The certificate I am using was a >>> testing certificate generated and signed using openssl, is that ok? >>> I have been using this certificate with shibboleth sp and it looks fine. >>> -----(R)öŸö----- >>> Ñöº: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ã >>> h Smith, Matthew J. >>> Ñ öô: 2008t10 23å 20:34 >>> 6öº: Yale CAS mailing list >>> ;˜: Re: T : T : MOD_AUTH_CAS: Could not perform SSL handshake >> >>> Running on the same server should be fine. Can you try the following >>> from your server (all one line): >>> openssl s_client -connect localhost:443 -CAfile >>> /home/ncpku/common/httpd-2.0.59/conf/sp.permis.pku.edu.cn.crt >> >>> - From that output, please send us the final "Verify return code". >> >>> Thanks, >>> -Matt >> >>> lobatt wrote: >>>> Thank you Andrew, sorry I didn't make it clear earlier, I deployed my CAS >>>> Server and mod_auth_cas in the same server, is that a problem? >>>> And I am using apache and jk to proxy requests to CAS server, is there any >>>> specific configuration I need to apply? >>>> Best Regards, >>>> Li Cheng >>>> -----(R)öxö----- >>>> Ñöº: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>> ã >>>> h Andrew Ralph Feller, afelle1 >>>> Ñ öô: 2008t10 22å 20:41 >>>> 6öº: Yale CAS mailing list >>>> ;Ü: Re: T : MOD_AUTH_CAS: Could not perform SSL handshake >>>> Hrmmmm, the CASCertificatePath should point to the SSL certificate of the >>>> CAS server you are trying to communicate with and not the SSL certificate >>> of >>>> the machine, correct? Can you confirm the SSL certificate used is that of >>>> the CAS server or the application being protected? >>>> If you have openssl and the client installed on a machine, the following >>>> command will request the certificate being used by the machine: >>>> openssl s_client -showcerts -connect "example.com:443" > example.crt >>>> In the file, the top certificate should be the one owned by the server. I >>>> usually just get rid of everything else and use that. >>>> HTH, >>>> A- >> >>>> On 10/22/08 7:25 AM, "David Whitehurst" <[EMAIL PROTECTED]> wrote: >>>>> You might setup your certificate file with Apache and see if a plain >>>> HTTPS >>>>> request works? I agree with Matt above that you should check >>>> permissions >>>>> too. >>>> David >>>> On 10/22/08, lobatt <[EMAIL PROTECTED]> wrote: >>>>> Thank you for your >>>>> time. >>>>> >>>>> I checked my configuration, there is no space ,it's must be a typo, >>>>> I >>>>> replaced my domain name for security reason. >>>>> Below is my real >>>>> configuration: >>>>> #******************************CAS client >>>>> integration************** >>>>> LoadModule auth_cas_module >>>>> modules/mod_auth_cas.so >>>>> CASCookiePath /tmp/cas/ >>>>> CASloginURL >>>>> https://sp.permis.pku.edu.cn/cas/login >>>>> CASValidateURL >>>>> https://sp.permis.pku.edu.cn/cas/serviceValidate >>>>> CASCertificatePath >>>>> >>>>> /home/ncpku/common/httpd-2.0.59/conf/sp.permis.pku.edu.cn.crt >>>>> <Location >>>>> "/casprotect/"> >>>>> AuthType CAS >>>>> Require valid-user >>>>> </Location> >>>>> >>>>> #******************************************************************* >>>>> >>>>> I >>>>> turned debug level of apache to DEBUG and modified my log4j.properties >>>>> like >>>>> below >>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG >>>>> >>>>> log4j.logger.org.jasig.cas.authentication=DEBUG >>>>> >>>>> >>> log4j.logger.org.jasig.cas.web.flow.TicketGrantingTicketCheckAction=DEBUG> >>>>> log4j.logger.org.jasig.cas.services.DefaultServiceRegistry=DEBUG >>>>> >>>>> log4j.logger.org.jasig.cas.services=DEBUG >>>>> >>>>> and here is my log: >>>>> httpd >>>>> error_log: >>>>> [Wed Oct 22 14:25:19 2008] [error] [client 162.105.67.102] >>>>> MOD_AUTH_CAS: >>>>> Could not perform SSL handshake with sp.permis.pku.edu.cn >>>>> (check >>>>> CASCertificatePath), referer: >>>>> >>>>> >>> https://sp.permis.pku.edu.cn/cas/login?service=https%3a%2f%2fsp.permis.pku.e >>>>> du.cn%2fcasprotect%2f >>>>> >>>>> cas.log: (also in attchment) >>>>> 2008-10-22 >>>>> 14:25:10,088 DEBUG >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - >>>>> Action >>>>> 'InitialFlowSetupAction' beginning execution >>>>> 2008-10-22 >>>>> 14:25:10,091 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] >>>>> - Setting >>>>> path for cookies to: /cas >>>>> 2008-10-22 14:25:10,099 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in >>>>> >>>>> FlowScope: https://sp.permis.pku.edu.cn/casprotect/ >>>>> 2008-10-22 14:25:10,100 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action >>>>> >>>>> 'InitialFlowSetupAction' completed execution; result is 'success' >>>>> 2008-10-22 >>>>> 14:25:10,132 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - >>>>> Action >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2008-10-22 >>>>> 14:25:10,135 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - >>>>> Executing setupForm >>>>> 2008-10-22 14:25:10,136 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>>> >>>>> object with name 'credentials' >>>>> 2008-10-22 14:25:10,136 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new >>>> instance >>>>> of form object class [class >>>>> >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] >>>>> >>>>> 2008-10-22 14:25:10,137 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form >>> object >>>>> of type [class >>>>> >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in >>>> scope >>>>> Flow with name 'credentials' >>>>> 2008-10-22 14:25:10,137 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>>> >>>>> errors for object with name 'credentials' >>>>> 2008-10-22 14:25:10,148 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property >>> editor> >>>>> registrar set, no custom editors to register >>>>> 2008-10-22 14:25:10,152 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form >>> errors >>>>> instance in scope Flash >>>>> 2008-10-22 14:25:10,153 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> >>>>> 2008-10-22 14:25:10,153 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2008-10-22 14:25:10,153 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> >>>>> 2008-10-22 14:25:18,436 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2008-10-22 14:25:18,437 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing >>>>> bind >>>>> 2008-10-22 14:25:18,437 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing >>> form >>>>> object with name 'credentials' of type [class >>>>> >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in >>>> scope >>>>> Flow >>>>> 2008-10-22 14:25:18,437 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property >>> editor> >>>>> registrar set, no custom editors to register >>>>> 2008-10-22 14:25:18,442 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed >>>>> >>>>> request parameters in map['lt' -> >>>>> >>>>> >>> '_c3E31A0C0-C329-DA8A-DDD2-9DB286EBDE0E_k20927939-E9B9-269E-9619-CE6C38036F8 >>>>> 7', 'service' -> 'https://sp.permis.pku.edu.cn/casprotect/', '_eventId' >>> -> >>>>> 'submit', 'password' -> '12345', 'submit' -> '??????', 'username' -> >>>> 'roey'] >>>>> to form object with name 'credentials', pre-bind formObject toString = >>>>> >>>>> [username: null] >>>>> 2008-10-22 14:25:18,443 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is >>>>> >>>>> allowed) >>>>> 2008-10-22 14:25:18,447 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed >>>> for >>>>> form object with name 'credentials', post-bind formObject toString = >>>>> >>>>> [username: roey] >>>>> 2008-10-22 14:25:18,448 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] >>>> errors, >>>>> details: [] >>>>> 2008-10-22 14:25:18,448 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing >>>> validation >>>>> 2008-10-22 14:25:18,448 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking >>> validator> >>>>> [EMAIL PROTECTED] >>>>> >>>>> 2008-10-22 14:25:18,451 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation >>>> completed >>>>> for form object >>>>> 2008-10-22 14:25:18,451 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] >>>> errors, >>>>> details: [] >>>>> 2008-10-22 14:25:18,451 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form >>> errors >>>>> instance in scope Flash >>>>> 2008-10-22 14:25:18,451 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> >>>>> 2008-10-22 14:25:18,451 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2008-10-22 14:25:18,452 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing >>>>> form >>>>> object with name 'credentials' of type [class >>>>> >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in >>>> scope >>>>> Flow >>>>> 2008-10-22 14:25:19,270 INFO >>>>> >>>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >>>>> >>>>> AuthenticationHandler: >>>>> >>>>> org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler >>>> successfully >>>>> authenticated the user which provided the following credentials: >>>> [username: >>>>> roey] >>>>> 2008-10-22 14:25:19,271 DEBUG >>>>> >>>>> >>> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincip >>>>> alResolver] - Attempting to resolve a principal... >>>>> 2008-10-22 14:25:19,271 >>>>> DEBUG >>>>> >>>>> >>> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincip >>>>> alResolver] - Creating SimplePrincipal for [roey] >>>>> 2008-10-22 14:25:19,283 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> >>>>> 2008-10-22 14:25:19,283 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action >>>>> >>>>> 'SendTicketGrantingTicketAction' beginning execution >>>>> 2008-10-22 14:25:19,284 >>>>> DEBUG >>>>> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action >>>>> >>>>> 'SendTicketGrantingTicketAction' completed execution; result is >>> 'success'> >>>>> 2008-10-22 14:25:19,284 DEBUG >>>>> >>>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action >>>>> >>>>> 'GenerateServiceTicketAction' beginning execution >>>>> 2008-10-22 14:25:19,286 >>>>> INFO >>>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >>>>> ticket >>>>> [ST-1-ZDZ5aL4YpjVdRxWJenD3-cas] for service >>>>> >>>>> [https://sp.permis.pku.edu.cn/casprotect/] for user [roey] >>>>> 2008-10-22 >>>>> 14:25:19,287 DEBUG >>>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - >>>>> Action >>>>> 'GenerateServiceTicketAction' completed execution; result is >>>>> 'success' >>>>> >>>>> >>>>> -----(R)öxö----- >>>>> Ñöº: [EMAIL PROTECTED] >>>>> [mailto:[EMAIL PROTECTED] ã >>>>> h Smith, Matthew J. >>>>> Ñ öô: 2008t10 >>>>> 21å 20:27 >>>>> 6öº: Yale CAS mailing list >>>>> ;Ü: Re: MOD_AUTH_CAS: Could not >>>>> perform SSL handshake >>>>> >>>> Perhaps it is simply the copy & paste into the email, but I notice a few >>>> spaces in the paths of your config. Could you verify that those are not >>>> in >>>> your real configuration? >>>> Is mydomain.crt the signing CA for your CAS >>>> server's certificate? >>>> Is mydomain.crt readable by the user the Apache >>>> daemon is running as? >>>> Could you enable CAS debugging and Apache debugging, >>>> and send the extra >>>> debugging information here? >> >>>> -Matt >>>> lobatt >>>> wrote: >>>>>>> Dear list: >>>>>>> >>>>>>> I have deployed a testing CAS server to >>>> protect a httpd >>>>>>> Location, I can login in CAS server successfully, but >>>> after being >>>>>>> automatically redirected to the protect location, it always >>>> return a 401 >>>>>>> error page to me. >>>>>>> >>>>>>> >>>>>>> >>>>>>> I checked my log: >>>>>>> >>>>>>> >>>> In http log: >>>>>>> - - [21/Oct/2008:14:07:40 +0800] "GET >>>>>>> >>>> /casprotect/?ticket=ST-24-L3WtJybA9GIJNa4ASyYJ-cas HTTP/1.1" 401 564 >>>> In cas log: >>>>>>> 2008-10-21 14:07:40,151 INFO >>>>>>> >>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >>>>>>> ticket >>>> [ST-24-L3WtJybA9GIJNa4 >>>>>>> ASyYJ-cas] for service >>>> [https://sp.permis.pku.edu.cn/casprotect/] for >>>>>>> user [Roey] >>>>>>> >>>>>>> >>>> 2008-10-21 14:22:08,272 INFO >>>> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - >>>> Starting cleaning of expi >>>>>>> red tickets from ticket registry at [Tue Oct >>>> 21 14:22:08 CST 2008] >>>>>>> my mod_auth_cas configuration: >>>>>>> >>>>>>> >>>> LoadModule auth_cas_module modules/mod_auth_cas.so >>>>>>> CASCookiePath >>>> /tmp/cas/ >>>>>>> CASloginURL https://mydomain /cas/login >>>>>>> >>>>>>> >>>> CASValidateURL https:// mydomain /cas/serviceValidate >>>> CASCertificatePath /home/ncpku/common/httpd-2.0.59/conf/ mydomain.crt >>>> <Location "/casprotect/"> >>>>>>> AuthType CAS >>>>>>> >>>>>>> Require valid-user >>>>>>> </Location> >>>>>>> >>>>>>> >>>>>>> >>>>>>> I checked my CertificatePath, and I am sure >>>> that is right. >>>>>>> Is there any other possibility? >>>>>>> >>>>>>> >>>>>>> >>>>>>> Best >>>> regards, >>>>>>> Li Cheng >>>>>>> >>>>>>> >>>>>>> >>>> ------------------------------------------------------------------------ >>>>>>> _______________________________________________ >>>>>>> Yale CAS mailing list >>>>>>> [email protected] >>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> - >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>> >>>> ____________________________ >>> ___________________ >>>> Yale CAS mailing >>> list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> ------------------------------------------------------------------------ >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > - -- > Matthew J. Smith > University of Connecticut ITS > [EMAIL PROTECTED] > PGP KeyID: 0xE9C5244E > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFJAb3tGP63pOnFJE4RAvt2AJ9KIHJUie83DV576k8WsFOiFnGWMACgk+sE > RriwVO2yd5ajkWz4z2hmRmk= > =tUxX > -----END PGP SIGNATURE----- > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
