[cas-user] SPNEGO/Kerberos config

Thu, 24 Feb 2022 02:29:08 -0800 

Hi,   I am setting a new CAS server in order to replace our well working 3.5.1, 
and I was I not able to have a working SPNEGO auth.  Of course, it was 
impossible to use the good old configuration files because of so many changes 
in implementation.   I have been following the instructions here : 
https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html 
but it was not working and some informations were missing (how to configure the 
JCIFS principal in the configuration file, as we only want to rely on Kerberos, 
NTLM is not considered).   It seems I had an almost working configuration for 
some times, but I suspect a typo in the documentation. Here is why.   If I use 
a JAAS configuration file like this one :  

jcifs.spnego.initiate { com.sun.security.auth.module.Krb5LoginModule \ required 
storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab"; 
}; jcifs.spnego.accept { com.sun.security.auth.module.Krb5LoginModule \ 
required storeKey=true useKeyTab=true 
keyTab="/home/cas/kerberos/myspnaccount.keytab"; }; 
Authentication fails and I get the following exceptions :

2022-02-24 09:10:09,340 DEBUG [org.springframework.webflow.engine.ActionState] 
- 
2022-02-24 09:10:09,342 DEBUG 
[org.springframework.webflow.execution.ActionExecutor] - 
2022-02-24 09:10:09,342 DEBUG 
[org.springframework.webflow.execution.ActionExecutor] - 
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] 
- 
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] 
- 
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] 
- 
2022-02-24 09:10:09,343 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] 
-

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20220224102859.E4F4DC005D%40smtp04.mail.de.

Reply via email to