[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV

Seth Theriault slt at columbia.edu
Tue May 3 18:06:52 PDT 2011


Martin B. Smith wrote:

> One more consideration is that the Kerberos implementation 
> makes one attempt with a bad password to test for user 
> existence, so you'll need to patch it if that behavior would 
> lock out users in your KDC :).

The Kerberos provider was really meant to be used for 
authentication only, as noted in the installation docs:

https://source.sakaiproject.org/svn/providers/trunk/kerberos/docs/INSTALL.txt

Again, using your KDC as a directory is not recommended. If 
you need to provide users "externally," I would highly 
recommend LDAP or the like for the user data.

Columbia provisions its Sakai users with local "internal" 
accounts and uses a CAS-like WebISO and Kerberos for 
authentication. I'd be happy to talk to anyone offline about 
our approach.

Seth


