-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathpam_cas.conf
36 lines (28 loc) · 1.28 KB
/
pam_cas.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# sample pam_cas config
# host from CAS server. mandatory
host secure.its.yale.edu
# port from CAS server. Default to 80 or 443, depends from ssl instruction
#port 443
# uri to validate ticket. Default to /proxyValidate
uriValidate /proxyValidate
# https or no. values on or off. Default to on.
ssl on
# debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off
debug off
# proxy or proxies who deliver Proxy Ticket.
# If no proxy, pam_cas doesn't control it
# It may be several proxy instructions
proxy https://imp.its.yale.edu/cas/casProxy.php
proxy https://uportal1.its.yale.edu/CasProxyServlet
proxy https://uportal2.its.yale.edu/CasProxyServlet
# trusted_ca. mandatory if ssl on.
# It a file in pem format. It can contents several certificates
# If the CAS server certificate is auto-signed, the file must content the certificate
# If the certificate is trusted by an Certificate Autority, The file must content
# certificate from high level CA
# trusted_ca /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
trusted_ca /etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem
# No caching of proxy tickets by default.
# Configure a cacheDirectory if you want to enable caching of proxy tickets.
# You also need to configure a cron to clean the directory
#cacheDirectory /var/cache/pam_cas