[cas-user] still trying to get SPNEGO to work

Mon, 15 Nov 2010 15:41:16 -0800 

Hello,
I am still struggling with this and have made little progress, but I have some specific questions about login.conf. 


Note that I have commented out all of the LDAP references in my 
deployerConfigContext.xml to eliminate any confusion.



1) When I "strace -Ff" tomcat from the start, I don't see any attempt to 
open login.conf even through several attempts to authenticate via the 
cas/login web page:



10302 stat("/var/lib/tomcat5/webapps/cas/WEB-INF/login.conf", 
{st_mode=S_IFREG|0644, st_size=192, ...}) = 0
10302 stat("/var/lib/tomcat5/webapps/cas/WEB-INF/login.conf", 
{st_mode=S_IFREG|0644, st_size=192, ...}) = 0

10302 access("/var/lib/tomcat5/webapps/cas/WEB-INF/login.conf", R_OK) = 0

10302 stat("/var/lib/tomcat5/webapps/cas/WEB-INF/login.conf", 
{st_mode=S_IFREG|0644, st_size=192, ...}) = 0
10302 
stat("/var/lib/tomcat5/webapps/cas/WEB-INF/classes/etc/cas/WEB-INF/login.conf", 
0x40b05bf0) = -1 ENOENT (No such file or directory)
10302 stat("/var/lib/tomcat5/common/classes/etc/cas/WEB-INF/login.conf", 
0x40b053f0) = -1 ENOENT (No such file or directory)
10302 stat("/var/lib/tomcat5/shared/classes/etc/cas/WEB-INF/login.conf", 
0x40b05450) = -1 ENOENT (No such file or directory)


Why not?

2) It clearly finds login.conf but seems to keep looking is more locations.

Why?

3) Is there a way to specify the full path _outside_ of the app tree?


This doesn't work. As can be seen from the trace, it appends this to the 
the web app location in tomcat.


<property name="loginConf" value="/etc/cas/WEB-INF/login.conf"/>


4) Jean Linlin said that this needed to be added to login.conf, but this 
isn't what is describe on the wiki info page for login.conf:


com.sun.security.jgss.krb5.accept {
      com.sun.security.auth.module.Krb5LoginModule required
      principal="HTTP/your_...@your_domain.net"
      useKeyTab=true
      debug=true
      keyTab="/etc/your_Keytab.keytab"
      storeKey=true
      useTicketCache=false;
    };



I'd appreciate any help.

Thanks!

Brian



--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user














    











					Reply via email to