[jcifs] Kerberos login for Tomcat

Eric Glass eric.glass at gmail.com
Fri Mar 30 12:07:59 GMT 2007 

The jcifs-ext package had a jcifs filter tht was modified to also
negotiate kerberos.  It ws built against a very old version of jcifs
though, and I never bothered to try and port it forward.


On 3/30/07, Yannick <yannick at smellyfrog.com> wrote:
> Have a look at that thread
> http://www.arcknowledge.com/gmane.comp.apache.mod-auth-kerb.general/2005-11/msg00005.html
>
> I remember that at the time I used mod rewrite in apache to pass the
> remote user to tomcat. I don't have the details anymore since we
> abandonned this solution for JCIFS. I never looked at implementing a
> Kerberos solution in Java since all the hard (And good) work was already
> done in mod_auth_kerb.
>
> The solution with Apache with mod_auth_kerb and mod_rewrite with tomcat
> DID work though. The only thing after that was to catch the remote user
> from the HTTP header.
>
> We went for JCIFS because it offered more flexibility. In our case we
> wanted to be able to filter some users to go through Kerberos or not.
> This involved having two apache servers and to put an IP filtering. It
> was deemed to be too expensive in maintenance. In your case it might be
> just what you need.
>
> Regards
> Yannick
>
> www005531 wrote:
>
> > But how to retrieve credential from Apache to Tomcat apps?
> > Probably Apache provide only secure container to Tomcat...
> >
> > Don't you know how to implement pure java Kerberos filter? I have big
> > problem:(
> >
> > Regards, Andrew
> >
> >
> > ----- Original Message ----- From: "Yannick" <yannick at smellyfrog.com>
> > To: "Andrew" <www005531 at gazeta.pl>
> > Cc: <jcifs at lists.samba.org>
> > Sent: Thursday, March 29, 2007 3:58 PM
> > Subject: Re: [jcifs] Kerberos login for Tomcat
> >
> >
> >> There is a module for Kerberos authentication with Apache. I suppose
> >> you have apache in front of tomcat.
> >> I don't remember exactly what was involved to make it work, but I
> >> remember I had that working on Windows 2003.
> >>
> >> Yannick
> >>
> >> Andrew wrote:
> >>
> >>> Hello,
> >>>
> >>> I have to develop a Kerberos login for Tomcat to authenticate users
> >>> of my web application using Active Directory".
> >>> JCIFS works only on NTLM.
> >>> Have you got any ideas?
> >>>
> >>> Regards
> >>> Andrew
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
>
>

More information about the jcifs mailing list