SPNEGO config for NTLM

hardyjthomas hardy.thomas at nngco.com
Tue Sep 11 09:17:11 EDT 2007 

I am having difficulty understanding the SPNEGO config needed for NTLM : I
would greatly appreciate it if I could get an example of how to configure
SPNEGO to use NTLM (authenticationhandler, jcifsConfig, web flow beans :
anything else that needs to change for NTLM)?

(I must apologise if this has already being posted : can't seem to find it :
point me in the right direction)

I have made a guess at the config but doesn't seem to work.

I have used the following for jcifsConfig

	<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
		<property name="loginConf" value="/WEB-INF/login.conf" />
		<property name="jcifsDomain" value=xxx />
		<property name="jcifsNetbiosWins" value=xxx />
	</bean>

(
The following is some of the debug output:
2007-09-11 07:52:41,564 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <SPNEGO
Authorization he
ader found with 316 bytes>
2007-09-11 07:52:41,564 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Obtained
token: NTLMSSP
***
2007-09-11 07:52:41,564 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
TicketGrantingTic
ket for Principal is null>
2007-09-11 07:52:41,580 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Unable to
obtain the ou
tput token required.>
2007-09-11 07:52:41,580 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Setting
HTTP Status to
401>
2007-09-11 07:52:41,580 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - <Action
'SpnegoCredentia
lsAction' completed execution; result is 'error'>

)

We have an Active Directory setup here : does that mean I can not use NTLM
and am forced to use Kerboros or could this be some incompatibility with the
NTLM hashcodes/versions etc?

Any help would be appreciated!

-- 
View this message in context: http://www.nabble.com/SPNEGO-config-for-NTLM-tf4416498.html#a12596935
Sent from the CAS Users mailing list archive at Nabble.com.

More information about the cas mailing list