Spnego question

tedzo tedzo2003 at yahoo.com
Thu Dec 4 13:32:26 EST 2008 

Bill,
Thanks for your response.
Anyone have an idea about question #2 below?

Thanks.




________________________________
From: Bill Markmann <bmarkmann at gmail.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Wednesday, December 3, 2008 2:47:27 PM
Subject: Re: Spnego question

Not sure about q's 1&2 (I set up SPNEGO to use Kerberos), but I can confirm that the answer to #3 is yes -- if you just add the SPNEGO login flow as described and don't remove the other mechanism(s) you've already configured, it fails back to the usual means of authentication if the AD identity isn't picked up by the SPNEGO mechanism.

- Bill


On Wed, Dec 3, 2008 at 5:40 PM, tedzo <tedzo2003 at yahoo.com> wrote:

Hello,
I have a requirement to integrate CAS signon with the windows signon such that a user that logs into the windows workstation doesn't need to login via CAS again. Specifically, I need to use NTLM only (I realize the issues related to that). Looking through the wiki and I found http://www.ja-sig.org/wiki/display/CASUM/SPNEGO. I have a few questions-

1. What version of CAS is required for NTLM support?

2. I am having a bit of trouble figuring out what part of the document is applicable for just NTLM authentication. The document talks a lot about setting up the Active Directory, modifying the encryption algorithm and creating the Keytab file. Can I skip all this since it seems to pertain to Kerberos? This is what I think needs to change for NTLM support-
a) Set up Login webflow (add 2 new states and update 2 others)
b) Add corresponding beans to cas-servlet.xml
c) Modify deployerConfigContext.xml 
d) jcifsConfig Bean is required I guess. What do I do with the Kerberos related properties?
e) login.conf? Required?

Can someone please confirm?

3. Is it possible to set up CAS such that NTLM authentication is used if available and if not, then it falls back to the usual means of authentication?

Thank you for your time.


_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081204/6bc8b0b2/attachment.html

More information about the cas mailing list