tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
Date Fri, 01 Apr 2011 12:47:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685

--- Comment #43 from Michael Osipov <1983-01-06@gmx.net> 2011-04-01 08:47:46 EDT ---
(In reply to comment #41)
> (In reply to comment #40)
> > - DEFAULT_SPN_CLASS is never used, forgot to delete?
> Fixed
> 
> > - DEFAULT_KRB5_CONF value: .ini is Windows style, on Unix is krb5.conf only. I
> > would stick to that convention. I.e., split in two props.
> Happy with the current default. Can be set via system property.

I personally disagree because Tomcat most popular platform is some Unix flavor.

> > - DEFAULT_LOGIN_MODULE_NAME value: this is Oracle-specific, I would rather use
> > a vendor-agnostic name like 'tomcat-accept'. (Same rule as in tomcat.keytab)
> Happy with the current default. Users can change if desired.

I disagree again because abstraction is not missing and not everyone uses an
Oracle JVM.

> > - There is no option to sign in with Kerberos into a directory server. Only
> > delegated credential works. This might be problematic if some user account is
> > not trusted for cred deleg. I don't like to fall back to plain password. Did I
> > miss that spot in the code?
> Nope. Please open an enhancement request.

Will do!

> > - Property 'javax.security.sasl.server.authentication' should be configurable.
> > It applies at least to GSSAPI.
> > - Property 'javax.security.sasl.qop' should be configurable. It applies at
> > least to GSSAPI *and* DIGEST-MD5.
> Another enhancement request please.

Will do!

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message