[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV
Seth Theriault
slt at columbia.edu
Tue May 3 18:06:52 PDT 2011
Martin B. Smith wrote:
> One more consideration is that the Kerberos implementation
> makes one attempt with a bad password to test for user
> existence, so you'll need to patch it if that behavior would
> lock out users in your KDC :).
The Kerberos provider was really meant to be used for
authentication only, as noted in the installation docs:
https://source.sakaiproject.org/svn/providers/trunk/kerberos/docs/INSTALL.txt
Again, using your KDC as a directory is not recommended. If
you need to provide users "externally," I would highly
recommended LDAP or the like for the user data.
Columbia provisions its Sakai users with local "internal"
accounts and uses a CAS-like WebISO and Kerberos for
authentication. I'd be happy to talk to anyone offline about
our approach.
Seth
More information about the production
mailing list