Bill, Thanks for your response. Anyone have an idea about question #2 below?
Thanks. ________________________________ From: Bill Markmann <[EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Wednesday, December 3, 2008 2:47:27 PM Subject: Re: Spnego question Not sure about q's 1&2 (I set up SPNEGO to use Kerberos), but I can confirm that the answer to #3 is yes -- if you just add the SPNEGO login flow as described and don't remove the other mechanism(s) you've already configured, it fails back to the usual means of authentication if the AD identity isn't picked up by the SPNEGO mechanism. - Bill On Wed, Dec 3, 2008 at 5:40 PM, tedzo <[EMAIL PROTECTED]> wrote: Hello, I have a requirement to integrate CAS signon with the windows signon such that a user that logs into the windows workstation doesn't need to login via CAS again. Specifically, I need to use NTLM only (I realize the issues related to that). Looking through the wiki and I found http://www.ja-sig.org/wiki/display/CASUM/SPNEGO. I have a few questions- 1. What version of CAS is required for NTLM support? 2. I am having a bit of trouble figuring out what part of the document is applicable for just NTLM authentication. The document talks a lot about setting up the Active Directory, modifying the encryption algorithm and creating the Keytab file. Can I skip all this since it seems to pertain to Kerberos? This is what I think needs to change for NTLM support- a) Set up Login webflow (add 2 new states and update 2 others) b) Add corresponding beans to cas-servlet.xml c) Modify deployerConfigContext.xml d) jcifsConfig Bean is required I guess. What do I do with the Kerberos related properties? e) login.conf? Required? Can someone please confirm? 3. Is it possible to set up CAS such that NTLM authentication is used if available and if not, then it falls back to the usual means of authentication? Thank you for your time. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
