OK, got this. The problem seems to be in the GSSAPI CAS implementation and not in the Kerberos part. Anyway, I'm looking into it and will be happy to share.

On 19 Oct 2011, at 15:14, Marvin Addison wrote:

>> After a few tests, it shows up that this implementation shows severe security
>> leaks. It seems that, once a user is correctly identified, the context is
>> used for all further authentication…. Has this been tested or is this
>> just a proof of concept?
>
> This is community-contributed content and has not been verified in any
> manner whatsoever. We're working to make a clear distinction in
> documentation between official content and community-contributed
> content, where the former has been verified and vetted as both secure
> and consistent with best practices. Unfortunately the CASUM wiki
> contains both at present.
>
> As I said previously, we'd be happy to accept contributions or
> improvements to the document you're working from, but no one among the
> core CAS committers has infrastructure or expertise to do GSSAPI with
> Kerberos. (Well, technically we have the infrastructure and have
> cobbled together the expertise in the past, but I can't justify the
> time at present.)
>
> M

_______________________________________
Christophe Ségui
Head of Department, IT Department
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS
UNIVERSITE PAUL SABATIER BAT 1R3 bur 221
118 Route de Narbonne 31062 Toulouse Cedex 9
tel: 05.61.55.63.78 fax: 05.61.55.75.99
_______________________________________
