[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV
Martin B. Smith
smithmb at ufl.edu
Tue May 3 07:34:32 PDT 2011
On 05/03/2011 09:47 AM, Laura Gekeler wrote:
> I'm interesting in talking to anyone who has so configured their production Sakai instance (CAS and Kerberos or other WebDAV compliant method). I understand from the deployment data (https://jira.sakaiproject.org/browse/PROD-74) that Rice University has, but I don't see documentation anywhere for how to do it, and I don't have a contact at Rice.
> Perhaps it is documented and I'm just such a newbie I'm not doing the appropriate search.
> Any help?
> Thanks so much,
We use Shibboleth for normal authentication, and Kerberos for WebDAV. I
believe using CAS will be the same as using Shibboleth.
It involved configuring a chain of LDAP first and Kerberos second, as
described at the bottom of this page (there's more documention in the
comments of the Sakai source where this is configured):
The other key thing was to set the property that turned on container
login. I forget off the top of my head if it's 'container.login' or
There's some more info in the thread here, too:
One more consideration is that the Kerberos implementation makes one
attempt with a bad password to test for user existence, so you'll need
to patch it if that behavior would lock out users in your KDC :).
Hope that helps,
Martin B. Smith
smithmb at ufl.edu - (352) 273-1374
CNS/Open Systems Group
University of Florida
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5129 bytes
Desc: S/MIME Cryptographic Signature
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20110503/7a4c24ea/attachment.bin
More information about the production