[Deploying Sakai] Configuring CAS for auth, and Kerberos for WebDAV
Seth Theriault
slt at columbia.edu
Wed May 4 06:27:11 PDT 2011
Martin B. Smith wrote:
> Even using the Kerberos provider only for authentication (we
> used LDAP at first for user directory data), the authentication
> method still checks for a valid user using userExists() and
> userKnownToKerberos() (last I looked, anyway, that's from my
> notes). userExists() returns true even with a bad password (and
> it tries with String pw = "dummy";), and logs
> "userKnownToKerberos(user): Kerberos user known (bad pw)".
I am pretty sure the stock Kerberos provider doesn't implement a
userExists() method. Which one are you using?
And, what's your setting for "requireLocalAccount" in
providers/component/src/webapp/WEB-INF/components.xml? This
defaults should prevent the lookup behavior:
<property name="requireLocalAccount"><value>true</value></property>
Otherwise, this sounds like a bug that needs attention.
Seth
More information about the production
mailing list