tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Holman <j.g.hol...@qmul.ac.uk>
Subject Re: JNDIRealm
Date Sat, 02 Feb 2002 00:07:29 GMT
Fredrik


At 15:06 29/01/02, you wrote:
>John Holman wrote:
> >
> > JNDIRealm works by retrieving the password from the directory server and
> > comparing it explicitly with the value given by
> > the user. Unfortunately AFAIK this mode of operation will not work with
> > eDirectory.
>
>Reading the Realm HOWTO again made me realize that... Why would anyone
>want the Realm to get the password from the server instead of doing a
>simple LDAP bind?

I agree - almost always a bind is better, unless you need to support HTTP 
digest
authentication.


> > There have been proposals (e.g. from me) to enhance JNDIRealm to allow it
> > to authenticate the user by binding to the directory server, in the same
> > way as auth_ldap. This should work with eDirectory, but isn't available 
> yet.
>
>Have the proposal been approved by the Tomcat developers, and are there
>any people working on this issue?


Similar proposals are in the draft functional specification for the JNDI 
realm, and
I submitted a patch to the tomcat-dev list earlier today that implements 
the required
functionality. You are more than welcome to try it, if you get the chance.

I'm hoping that this patch will get incorporated into Tomcat ...

John.



>--
>Fredrik Westermarck
>
>--
>To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
>Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message