[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV

Martin B. Smith smithmb at ufl.edu
Tue May 3 07:34:32 PDT 2011


On 05/03/2011 09:47 AM, Laura Gekeler wrote:
> I'm interesting in talking to anyone who has so configured their production Sakai instance (CAS and Kerberos or other WebDAV compliant method). I understand from the deployment data (https://jira.sakaiproject.org/browse/PROD-74) that Rice University has, but I don't see documentation anywhere for how to do it, and I don't have a contact at Rice.
>
> Perhaps it is documented and I'm just such a newbie I'm not doing the appropriate search.
>
> Any help?
>
> Thanks so much,
>
> Laura

Hi Laura,

We use Shibboleth for normal authentication, and Kerberos for WebDAV. I 
believe using CAS will be the same as using Shibboleth.

It involved configuring a chain of LDAP first and Kerberos second, as 
described at the bottom of this page (there's more documention in the 
comments of the Sakai source where this is configured):

https://confluence.sakaiproject.org/display/DOC/UserDirectoryProvider

The other key thing was to set the property that turned on container 
login. I forget off the top of my head if it's 'container.login' or 
'container.auth'...

There's some more info in the thread here, too:

http://collab.sakaiproject.org/pipermail/sakai-dev/2011-January/010599.html

One more consideration is that the Kerberos implementation makes one 
attempt with a bad password to test for user existence, so you'll need 
to patch it if that behavior would lock out users in your KDC :).

Hope that helps,
-- 
Martin B. Smith
smithmb at ufl.edu - (352) 273-1374
CNS/Open Systems Group
University of Florida

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5129 bytes
Desc: S/MIME Cryptographic Signature
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20110503/7a4c24ea/attachment.bin 


More information about the production mailing list