Both krb5.conf and jcifsConfig needed?
Michael Ströder
michael at stroeder.com
Sun Mar 9 08:31:42 EDT 2008
HI!
First, many thanks for providing CAS.
I'm testing CAS with SPNEGO and it works just fine following the docs on
http://www.ja-sig.org/wiki/display/CASUM/SPNEGO
But I have one question: Is it necessary to really have both a krb5.conf
*and* the jcifsConfig? Or would it be possible to just use the jcifsConfig
with the properties jcifsServicePrincipal and jcifsServicePassword? In this
case the step with ktpass and transferring the keytab would also not be
needed. And deployment would be much easier since I just would have to
install a single .war file. Maybe the docs only mention /etc/krb5.conf for
testing the configuration with the MIT utils?
I temporarily removed /etc/krb5.conf and it seems to still work. But I'd be
glad to get a definitive answer from somebody who really knows. Also, are
there any security considerations when solely using the jcifsConfig? I
thought about this myself but the Tomcat server would need read access to a
server keytab anyway.
Ciao, Michael.
More information about the cas
mailing list