[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV
slt at columbia.edu
Wed May 4 06:27:11 PDT 2011
Martin B. Smith wrote:
> Even using the Kerberos provider only for authentication (we
> used LDAP at first for user directory data), the authentication
> method still checks for a valid user using userExists() and
> userKnownToKerberos() (last I looked, anyway, that's from my
> notes). userExists() returns true even with a bad password (and
> it tries with String pw = "dummy";), and logs
> "userKnownToKerberos(user): Kerberos user known (bad pw)".
I am pretty sure the stock Kerberos provider doesn't implement a
userExists() method. Which one are you using?
And, what's your setting for "requireLocalAccount" in
defaults should prevent the lookup behavior:
Otherwise, this sounds like a bug that needs attention.
More information about the production