[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV

Seth Theriault slt at columbia.edu
Wed May 4 06:27:11 PDT 2011

Martin B. Smith wrote:

> Even using the Kerberos provider only for authentication (we 
> used LDAP at first for user directory data), the authentication 
> method still checks for a valid user using userExists() and 
> userKnownToKerberos() (last I looked, anyway, that's from my 
> notes). userExists() returns true even with a bad password (and 
> it tries with String pw = "dummy";), and logs 
> "userKnownToKerberos(user): Kerberos user known (bad pw)".

I am pretty sure the stock Kerberos provider doesn't implement a 
userExists() method. Which one are you using?

And, what's your setting for "requireLocalAccount" in 
providers/component/src/webapp/WEB-INF/components.xml? This 
defaults should prevent the lookup behavior:

<property name="requireLocalAccount"><value>true</value></property>

Otherwise, this sounds like a bug that needs attention.


More information about the production mailing list