tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Bauman <>
Subject Re: Bypassing IIS security
Date Sun, 19 Nov 2000 21:55:06 GMT
I remember when I worked for Imation we had that problem with IIS3-4 (you
can't add web users without adding them to the system, ie 1 user to IIS is
1 user to that whole machine!)

Anything to prevent this requirement would be greatly appreciated if I
rewind my experience a couple years.

On Sun, 19 Nov 2000, Nacho wrote:

> Hola A todos:
> Lately I'm trying to figure out a way to bypass the basic/digest
> security handling done by ISS, and so let it be done by tomcat, as it's
> a pain under IIS as it requires to have the users created at OS level, (
> at least i unable to found a  way to do that  ), but apart from MS
> blues.....
> I did found that way only by changing a single line inside the ajp12
> handling routine , and letting remoteuser be obtained by tomcat itself,
> i think this works for all servers and for basic&digest authentication ,
> Can be useful to know of to somebody, if anybody found it useful i can
> add an option to server.xml to control that ( at contextmanager level
> i.e) , and i'm thinking only of TC 3.3 and TC 4.0 at that time.
> What do you think?
> Saludos ,
> Ignacio J. Ortega

Nicolaus Bauman
Software Engineer
Simplexity Systems

View raw message