[jcifs] Kerberos login for Tomcat
Yannick
yannick at smellyfrog.com
Fri Mar 30 07:46:28 GMT 2007
Have a look at that thread
http://www.arcknowledge.com/gmane.comp.apache.mod-auth-kerb.general/2005-11/msg00005.html
I remember that at the time I used mod rewrite in apache to pass the
remote user to tomcat. I don't have the details anymore since we
abandonned this solution for JCIFS. I never looked at implementing a
Kerberos solution in Java since all the hard (And good) work was already
done in mod_auth_kerb.
The solution with Apache with mod_auth_kerb and mod_rewrite with tomcat
DID work though. The only thing after that was to catch the remote user
from the HTTP header.
We went for JCIFS because it offered more flexibility. In our case we
wanted to be able to filter some users to go through Kerberos or not.
This involved having two apache servers and to put an IP filtering. It
was deemed to be too expensive in maintenance. In your case it might be
just what you need.
Regards
Yannick
www005531 wrote:
> But how to retrieve credential from Apache to Tomcat apps?
> Probably Apache provide only secure container to Tomcat...
>
> Don't you know how to implement pure java Kerberos filter? I have big
> problem:(
>
> Regards, Andrew
>
>
> ----- Original Message ----- From: "Yannick" <yannick at smellyfrog.com>
> To: "Andrew" <www005531 at gazeta.pl>
> Cc: <jcifs at lists.samba.org>
> Sent: Thursday, March 29, 2007 3:58 PM
> Subject: Re: [jcifs] Kerberos login for Tomcat
>
>
>> There is a module for Kerberos authentication with Apache. I suppose
>> you have apache in front of tomcat.
>> I don't remember exactly what was involved to make it work, but I
>> remember I had that working on Windows 2003.
>>
>> Yannick
>>
>> Andrew wrote:
>>
>>> Hello,
>>>
>>> I have to develop a Kerberos login for Tomcat to authenticate users
>>> of my web application using Active Directory".
>>> JCIFS works only on NTLM.
>>> Have you got any ideas?
>>>
>>> Regards
>>> Andrew
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
More information about the jcifs
mailing list