Purpose:

This how-to is for users who want to set up an environment with CAS in front and OpenLDAP, GSSAPI, and Kerberos as the authorization engine.

Environment: 

Server: Fedora Core 6 + CAS 3.1 + Tomcat 5.5.20 + OpenLDAP 2.3.30 + Cyrus SASL 2.1.22 + Kerberos 1.5-23

Client: Fedora Core 6 + Firefox 2

      Windows XP + IE6 SP2

Config DNS:

To make SSL and Kerberos work, I have to configure DNS at the very beginning.

1. Edit /etc/named.conf and add the langhua zones:

/etc/named.conf
zone "1.168.192.IN-ADDR.ARPA." IN {
        type master;
        file "192.168.1.db";
};

zone "langhua." IN {
        type master;
        file "named.langhua";
};

2. Create /var/named/named.langhua

/var/named/named.langhua
$TTL 1H
@	SOA	localhost.	root.localhost. (	2
						3H
						1H
						1W
						1H )
	NS	localhost.

auth.langhua.                          IN 1H A 192.168.1.110

_kerberos                              IN TXT "AUTH.LANGHUA"
_kerberos._udp.auth.langhua.           IN SRV 0 0 88  auth.langhua.
_kerberos-master._udp.auth.langhua.    IN SRV 0 0 88  auth.langhua.
_kerberos-adm._tcp.auth.langhua.       IN SRV 0 0 749 auth.langhua.
_kpasswd._udp.auth.langhua.            IN SRV 0 0 464 auth.langhua.

_ldap._tcp.auth.langhua.               IN SRV 0 0 389 auth.langhua.
_ldap._tcp.dc._msdcs.auth.langhua.     IN SRV 0 0 389 auth.langhua.
_kerberos._tcp.dc._msdcs.auth.langhua. IN SRV 0 0 88  auth.langhua.

3. Create /var/named/192.168.1.db

/var/named/192.168.1.db
$TTL 1H
@	SOA	localhost.	root.localhost. (	2
						3H
						1H
						1W
						1H )
	NS	localhost.	
110	PTR	auth.langhua.
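
Kerberos and SSL host names only work when the forward and reverse zones agree, so it is worth checking the two files against each other before loading them. The following is an added example, not part of the original how-to: a small Python check that every SRV target in the forward zone has an A record and that the reverse zone has a PTR pointing back to the same name. The function names are hypothetical, the parser handles only simple one-line records like the ones above, and the embedded records are a subset copied from this page.

```python
import ipaddress

# Subset of the records from the two zone files on this page (SOA/NS lines omitted).
FORWARD = """\
auth.langhua.                          IN 1H A 192.168.1.110
_kerberos                              IN TXT "AUTH.LANGHUA"
_kerberos._udp.auth.langhua.           IN SRV 0 0 88  auth.langhua.
_kerberos-adm._tcp.auth.langhua.       IN SRV 0 0 749 auth.langhua.
_kpasswd._udp.auth.langhua.            IN SRV 0 0 464 auth.langhua.
_ldap._tcp.auth.langhua.               IN SRV 0 0 389 auth.langhua.
"""
REVERSE = "110\tPTR\tauth.langhua.\n"

TYPES = {"A", "PTR", "SRV", "TXT"}

def parse(text, origin):
    """Return [(fqdn, type, rdata_fields)] for simple one-line records only."""
    out = []
    for line in text.splitlines():
        f = line.split()
        idx = next((i for i, tok in enumerate(f) if tok in TYPES), None)
        if not idx:          # blank line, or no owner name before the type
            continue
        name = f[0].lower()
        if not name.endswith("."):   # relative owner: append the zone origin
            name = f"{name}.{origin}"
        out.append((name, f[idx], f[idx + 1:]))
    return out

def check(forward, reverse, origin="langhua.", rev_origin="1.168.192.in-addr.arpa."):
    """List SRV targets lacking an A record or a PTR that maps back to them."""
    fwd, rev = parse(forward, origin), parse(reverse, rev_origin)
    a = {n: r[0] for n, t, r in fwd if t == "A"}
    ptr = {n: r[0].lower() for n, t, r in rev if t == "PTR"}
    problems = []
    for name, t, r in fwd:
        if t != "SRV":
            continue
        target = r[3].lower()        # SRV rdata: priority weight port target
        if target not in a:
            problems.append(f"{name}: target {target} has no A record")
            continue
        rname = ipaddress.ip_address(a[target]).reverse_pointer + "."
        if ptr.get(rname) != target:
            problems.append(f"{name}: {a[target]} has no PTR back to {target}")
    return problems

if __name__ == "__main__":
    print(check(FORWARD, REVERSE) or "forward and reverse zones agree")
```

An empty result means every SRV target resolves forward and back to the same name; each returned string names the SRV record whose target is inconsistent.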