tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
Date Fri, 01 Apr 2011 11:30:23 GMT

--- Comment #41 from Mark Thomas <> 2011-04-01 07:30:16 EDT ---
(In reply to comment #40)
> - DEFAULT_SPN_CLASS is never used, forgot to delete?

> - DEFAULT_KRB5_CONF value: .ini is Windows style, on Unix is krb5.conf only. I
> would stick to that convention. I.e., split in two props.
Happy with the current default. Can be set via system property.

> - DEFAULT_LOGIN_MODULE_NAME value: this is Oracle-specific, I would rather use
> a vendor-agnostic name like 'tomcat-accept'. (Same rule as in tomcat.keytab)
Happy with the current default. Users can change if desired.

> - 'storeDelegatedCredentials' rename to 'storeDelegatedCredential'

> - 'stripAtForGss' rename to 'stripRealm'
Changed to stripRealmForGss

> - There is no option to sign in with Kerberos into a directory server. Only
> delegated credential works. This might be problematic if some user account is
> not trusted for cred deleg. I don't like to fall back to plain password. Did I
> miss that spot in the code?
Nope. Please open an enhancement request.

> - Property '' should be configurable.
> It applies at least to GSSAPI.
> - Property '' should be configurable. It applies at
> least to GSSAPI *and* DIGEST-MD5.
Another enhancement request please.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message