tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: NT authentication
Date Fri, 08 Dec 2000 17:24:16 GMT
Josh Knowles wrote:

>  Is there any way that you can set up a page to tap into NT authentication?  I
> dont know if this would be something that gets set in tomcat or if it is
> something that is non-tomcat related so I thought I would just try this
> list.Thanks,JoshJosh Knowles
> Web Developer
> World Wide Packets
> josh.knowles@worldwidepackets.com
> 509.242.9247

It would be technically feasible to accomplish this, by creating a custom Realm
implementation for Tomcat that interfaced to NT's authentication mechanisms via
native code and JNI.

However, unless you run across an SSL connection (or on an Intranet that is not
exposed to the outside world), doing so would be a pretty incredible security
risk, because the username and password are communicated across the network in
an unencrypted form when you use BASIC or FORM-BASED authentication in your web
application.

Craig McClanahan

Mime
View raw message