I'm in the same situation. I'm not using JBoss but Tomcat55.
We have a _working_ CAS-SPNEGO on a test machine: W2kServer, AD, Tomcat55.
Here's the relevant part of our WORKING deployerConfigContext.xml:
----------------------
<!-- SPNEGO -->
<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
<property name="jcifsServicePrincipal"
value="HTTP/[EMAIL PROTECTED]" />
<property name="jcifsServicePassword" value="*****" />
<property name="kerberosDebug" value="true" />
<property name="kerberosRealm" value="DOMAIN.ES" />
<property name="kerberosKdc" value="192.168.1.1" />
<property name="loginConf" value="C:/Archivos de
programa/Apache Software
Foundation/Tomcat 5.5/webapps/cas/WEB-INF/login.conf" />
</bean>
-----------------------
Note the FQDN server.domain.es (not only server, but server.domain.es).
But our production environment doesn't work. We have there two W2003Server
(PDC and SDC), AD and a W2003Server Tomcat55. If we open IExplore from the
Tomcat machine, we obtain a NTLM token; from other machine we reach a
Kerberos token, but it fails with: Unable to obtain the output token
required.
That's all info I cna give you. I hope someone can help us.
JMRodriguez
--
View this message in context:
http://www.nabble.com/SPNEGO-fails-back-to-NTLM-%28won%27t-do-Kerberos%29-tp20365070p20365611.html
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
