tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bongiorno, Christian" <Bongiorno.Christ...@ensco.com>
Subject RE: intranet authentication with win2k
Date Tue, 13 Nov 2001 19:11:17 GMT
What we have done is integrate NT authentication into a Tomcat realm. Using
WIN2k you can use either the com.sun.security.auth packages to Use
NTLoginModule (this only works on windows and only for the currently logged
in user). Or you can use the Krb5 security module same group ... OR... you
can use the fact that every WIN2k domain controller has an LDAP server in it
as well ( active directory), login to it with DOMAIN credentials and query a
custom attribute for roles. Be forwarned that Active Directory does not play
by the LDAP rules. What a suprise!

See

http://java.sun.com/j2se/1.4/docs/guide/security/jaas/spec/

-----Original Message-----
From: Mangi, Rick [mailto:rick.mangi@zcmgroup.com]
Sent: Tuesday, November 13, 2001 2:05 PM
To: 'Tomcat Users List'
Subject: RE: intranet authentication with win2k


yes, once the person is logged into the web application. The question is,
how do I get them logged into the web application without having to prompt
for a user/pass.

Rick


-----Original Message-----
From: John M. Corro [mailto:john.corro@cornerstone.net]
Sent: Tuesday, November 13, 2001 2:57 PM
To: Tomcat Users List
Subject: Re: intranet authentication with win2k


I'm not as familiar w/ NT security either, but it sounds like (from a Java
programming standpoint) the getRemoteUser() method is your best bet.  If I
remember correctly, it returns the username *if* the user has logged in (in
this case through NT security) or null otherwise.
----- Original Message -----
From: "Mangi, Rick" <rick.mangi@zcmgroup.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Tuesday, November 13, 2001 9:49 AM
Subject: intranet authentication with win2k


> Greetings tomcat users!
>
> This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site.
The
> users logon with NT authentication onto our local network. The intranet is
> running tomcat/apache on solaris. I'm wondering if anyone has a solution
for
> authenticating these users on the intranet without them having to log onto
a
> separate system. I know there is an apache module for tying apache
> authentication to NT security (and I assume it's easy enough to pass this
on
> to tomcat). But we're thinking of moving to the win2k "native security"
> system which I know nothing about.
>
> has anyone tackled this before? Any suggestions?
>
> Thanks,
>
> Rick
>
>
> Please pardon the long winded legal stuff below...
>
>
>
>
> This email and any attachments are confidential and may be
> legally privileged. No confidentiality or privilege is waived
> or lost by any transmission in error.  If you are not the
> intended recipient you are hereby notified that any use,
> printing, copying or disclosure is strictly prohibited.
> Please delete this email and any attachments, without
> printing, copying, forwarding or saving them and notify the
> sender immediately by reply e-mail.  Zurich Capital Markets
> and its affiliates reserve the right to monitor all e-mail
> communications through its networks.  Unless otherwise
> stated, any pricing information in this e-mail is indicative
> only, is subject to change and does not constitute an offer
> to enter into any transaction at such price and any terms in
> relation to any proposed transaction are indicative only and
> subject to express final confirmation.
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>
>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


This email and any attachments are confidential and may be 
legally privileged. No confidentiality or privilege is waived 
or lost by any transmission in error.  If you are not the 
intended recipient you are hereby notified that any use, 
printing, copying or disclosure is strictly prohibited.  
Please delete this email and any attachments, without 
printing, copying, forwarding or saving them and notify the 
sender immediately by reply e-mail.  Zurich Capital Markets 
and its affiliates reserve the right to monitor all e-mail 
communications through its networks.  Unless otherwise 
stated, any pricing information in this e-mail is indicative 
only, is subject to change and does not constitute an offer 
to enter into any transaction at such price and any terms in 
relation to any proposed transaction are indicative only and 
subject to express final confirmation.

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message