Spnego question

[tedzo]

Hello,
I have a requirement to integrate CAS signon with the windows signon such that a user that logs into the windows workstation doesn't need to login via CAS again. Specifically, I need to use NTLM only (I realize the issues related to that). Looking through the wiki and I found http://www.ja-sig.org/wiki/display/CASUM/SPNEGO. I have a few questions-

1. What version of CAS is required for NTLM support?

2. I am having a bit of trouble figuring out what part of the document is applicable for just NTLM authentication. The document talks a lot about setting up the Active Directory, modifying the encryption algorithm and creating the Keytab file. Can I skip all this since it seems to pertain to Kerberos? This is what I think needs to change for NTLM support-
a) Set up Login webflow (add 2 new states and update 2 others)
b) Add corresponding beans to cas-servlet.xml
c) Modify deployerConfigContext.xml
d) jcifsConfig Bean is required I guess. What do I do with the Kerberos related properties?
e) login.conf? Required?

Can someone please confirm?

3. Is it possible to set up CAS such that NTLM authentication is used if available and if not, then it falls back to the usual means of authentication?

Thank you for your time.



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081203/93c67c3e/attachment.html