...
network.negotiate-auth.trusted-uris = univ-amu.fr
krb5.conf:
```
[libdefaults]
    default_realm = SALSA.UNIV-AMU.FR
    default_keytab_name = /etc/cas/config/kerberos/cas-test.keytab
    dns_lookup_realm = true
    dns_lookup_kdc = true
    # rc4-hmac is a deprecated enctype (RFC 8429); AES enctypes are preferred
    # where the KDC and the keytab support them.
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmac

[realms]
    SALSA.UNIV-AMU.FR = {
        kdc = xxx.salsa.univ-amu.fr:88
        kdc = yyy.salsa.univ-amu.fr:88
    }

[domain_realm]
    .salsa.univ-amu.fr = SALSA.UNIV-AMU.FR
    salsa.univ-amu.fr = SALSA.UNIV-AMU.FR
```
```
Keytab name: FILE:/etc/cas/config/kerberos/cas-test.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/cas-test.univ-amu.fr@SALSA.UNIV-AMU.FR
```
...
There is no need to include a login.conf in your configuration.
```
cas.authn.spnego.mixedModeAuthentication=true
#cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.supportedBrowsers=Firefox
cas.authn.spnego.send401OnAuthenticationFailure=false
cas.authn.spnego.ntlmAllowed=false
cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.name=spnego
cas.authn.spnego.ntlm=false
cas.authn.spnego.order=1
cas.authn.spnego.system.kerberos-conf=file:/etc/krb5.conf
cas.authn.spnego.system.kerberosRealm=SALSA.UNIV-AMU.FR
cas.authn.spnego.properties[0].jcifsServicePrincipal=HTTP/cas-test.univ-amu.fr@SALSA.UNIV-AMU.FR
cas.authn.spnego.properties[0].jcifsDomain=salsa.univ-amu.fr
#cas.authn.spnego.system.kerberosDebug=true
cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
cas.authn.spnego.ipsToCheckPattern=^(10.*|172.*)$
```
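
The `ipsToCheckPattern` value above is a regular expression in which the dots are unescaped, so it accepts more client addresses than the private ranges its prefixes suggest. The check below is an added example, not part of the original page or of CAS: it runs the page's pattern and a stricter one over constructed addresses, using Python's `re` (these two patterns behave the same under Java's regex engine). `INTENDED_NETS`, `STRICT_PATTERN` and the sample addresses are assumptions; the intent is taken to be 10.0.0.0/8 and 172.16.0.0/12.

```python
import ipaddress
import re

# Pattern exactly as set in cas.authn.spnego.ipsToCheckPattern on this page.
PAGE_PATTERN = r"^(10.*|172.*)$"

# Assumed intent (not stated on the page): the RFC 1918 blocks behind
# the "10." and "172." prefixes.
INTENDED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12")]

# Hypothetical stricter pattern: escaped dots, a full dotted quad,
# and only 172.16 through 172.31 for the second block.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
STRICT_PATTERN = (r"^(?:10\." + _OCTET + r"|172\.(?:1[6-9]|2\d|3[01]))"
                  r"(?:\." + _OCTET + r"){2}$")

# Constructed sample client addresses (not taken from any real log).
SAMPLES = ["10.1.2.3", "172.16.5.9", "172.31.255.254",
           "100.20.30.40", "109.7.7.7", "172.32.0.1", "172.217.4.4",
           "192.168.1.10", "8.8.8.8"]


def in_intended_nets(addr: str) -> bool:
    """True if addr lies inside one of the assumed intended networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTENDED_NETS)


def over_matches(pattern: str, addrs=SAMPLES) -> list:
    """Addresses the pattern accepts although they lie outside INTENDED_NETS."""
    rx = re.compile(pattern)
    return [a for a in addrs if rx.search(a) and not in_intended_nets(a)]


def under_matches(pattern: str, addrs=SAMPLES) -> list:
    """Addresses inside INTENDED_NETS that the pattern rejects."""
    rx = re.compile(pattern)
    return [a for a in addrs if in_intended_nets(a) and not rx.search(a)]


if __name__ == "__main__":
    for name, pat in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        print(f"{name:6} over={over_matches(pat)} under={under_matches(pat)}")
```
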
An interesting reference on Kerberos and HTTP: http://remivernier.com/index.php/2018/09/16/exploration-des-entetes-http-www-authenticate/
...