Purpose:
This how-to is for users who want to set up an environment with CAS in front and OpenLDAP, GSSAPI and Kerberos as the authorization engine.
Environment:
Server: Fedora Core 6 + CAS 3.1 + Tomcat 5.5.20 + OpenLDAP 2.3.30 + Cyrus SASL 2.1.22 + Kerberos 1.5-23
Client: Fedora Core 6 + Firefox 2
Windows XP + IE6 SP2
Config DNS:
To make SSL and Kerberos work, I have to configure DNS at the very beginning.
1. Edit /etc/named.conf, add the langhua zones:
zone "1.168.192.IN-ADDR.ARPA." IN {
    type master;
    file "192.168.1.db";
};
zone "langhua." IN {
    type master;
    file "named.langhua";
};
2. Create /var/named/named.langhua
$TTL 1H
@               SOA     localhost. root.localhost. ( 2 3H 1H 1W 1H )
                NS      localhost.
auth.langhua.   IN 1H A 192.168.1.110
_kerberos       IN TXT  "AUTH.LANGHUA"
_kerberos._udp.auth.langhua.            IN SRV 0 0 88 auth.langhua.
_kerberos-master._udp.auth.langhua.     IN SRV 0 0 88 auth.langhua.
_kerberos-adm._tcp.auth.langhua.        IN SRV 0 0 749 auth.langhua.
_kpasswd._udp.auth.langhua.             IN SRV 0 0 464 auth.langhua.
_ldap._tcp.auth.langhua.                IN SRV 0 0 389 auth.langhua.
_ldap._tcp.dc._msdcs.auth.langhua.      IN SRV 0 0 389 auth.langhua.
_kerberos._tcp.dc._msdcs.auth.langhua.  IN SRV 0 0 88 auth.langhua.
3. Create /var/named/192.168.1.db
$TTL 1H
@               SOA     localhost. root.localhost. ( 2 3H 1H 1W 1H )
                NS      localhost.
110             PTR     auth.langhua.
4. nslookup auth.langhua
Server: 192.168.1.110
Address: 192.168.1.110#53
Name: auth.langhua
Address: 192.168.1.110
5. dig -x 192.168.1.110
; <<>> DiG 9.3.4-P1 <<>> -x 192.168.1.110
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3829
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;110.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
110.1.168.192.in-addr.arpa. 3600 IN PTR auth.langhua.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
localhost. 86400 IN AAAA ::1
;; Query time: 1 msec
;; SERVER: 192.168.1.110#53(192.168.1.110)
;; WHEN: Thu Nov 29 04:53:02 2007
;; MSG SIZE rcvd: 137
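The zone files from steps 2 and 3 have to agree with each other: the A and PTR records must point at each other, and every SRV target needs an address record. An offline check of that follows as an added example (not part of the original how-to); `parse_zone` and `check` are hypothetical helper names, the parser covers only the single-line record shapes used here, and the zone text is copied from the steps above with the SRV list shortened.

```python
import ipaddress

TYPES = {"SOA", "NS", "A", "PTR", "TXT", "SRV"}
# Zone data from steps 2 and 3 above (only two of the SRV records kept).
FORWARD = """\
$TTL 1H
@ SOA localhost. root.localhost. ( 2 3H 1H 1W 1H )
  NS localhost.
auth.langhua. IN 1H A 192.168.1.110
_kerberos._udp.auth.langhua. IN SRV 0 0 88 auth.langhua.
_kerberos-adm._tcp.auth.langhua. IN SRV 0 0 749 auth.langhua.
"""
REVERSE = """\
$TTL 1H
@ SOA localhost. root.localhost. ( 2 3H 1H 1W 1H )
  NS localhost.
110 PTR auth.langhua.
"""

def parse_zone(text, origin):  # single-line records only, not full RFC 1035
    records, owner = [], origin
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith(("$", ";")):
            continue
        if not line[0].isspace():                   # line begins with an owner name
            name = tok.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tok and tok[0].upper() not in TYPES:  # skip optional class and TTL
            tok.pop(0)
        if tok:
            records.append((owner, tok[0].upper(), tok[1:]))
    return records

def check(forward, reverse):
    a = {o: r[0] for o, t, r in forward if t == "A"}
    ptr = {o: r[0].lower() for o, t, r in reverse if t == "PTR"}
    problems = []
    for host, ip in a.items():                      # forward-confirmed reverse DNS
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptr.get(rev) != host:
            problems.append(f"{host} A {ip}: PTR {rev} is {ptr.get(rev)}")
    for o, t, r in forward:                         # SRV targets need an A record
        if t == "SRV" and r[3].lower() not in a:
            problems.append(f"{o}: SRV target {r[3]} has no A record")
    return problems

if __name__ == "__main__":
    print(check(parse_zone(FORWARD, "langhua."), parse_zone(REVERSE, "1.168.192.in-addr.arpa.")))
```

An empty list means the two zones are consistent; each string in a non-empty list names the record to fix before reloading named.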