tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Ewert" <sven.ew...@satama.de>
Subject AW: linux servlet -> /etc/passwd authentication
Date Sat, 06 Apr 2002 21:12:04 GMT

hi,

i thinlk using the /etc/passwd(shadow) file isnt a good idea for a servlet
authentication.
think about security.
do you have read the tomcat-documentation about JDBCRealm?
localhost:8080/doc/JDBCRealm-howto.html (or something)

its very easy to set up this realm and also not so insecure.
i bet, when u r using /etc stuff you will run into trouble.

cheers

sven

---
sven (e)wert
                   !!!           ___      
    ()_()     `  _     _  '     <_*_>     
    (o o)      -  (OXO)  -      (o o)     
ooO--`o'--Ooo-ooO--(_)--Ooo--8---(_)--Ooo-
 (?`..,(?`.., I`ll greetz you ,..??),..??)
"In a time of insanity, let a madman lead the way"

> -----Ursprungliche Nachricht-----
> Von: Allen Harper [mailto:harperaa@yahoo.com]
> Gesendet: Samstag, 6. April 2002 22:37
> An: tomcat-user@jakarta.apache.org
> Betreff: linux servlet -> /etc/passwd authentication
> 
> 
> I am playing with trying to get a tomcat servlet to get username and
> password from a user and authenticate with the underlying linux
> /etc/passwd /etc/shadow file.  I have looked into JAAS, it only seems to
> support NT, database, and flat text file authentication.  From what I
> can tell, it may not exist.  Have you seen anything on this or have any
> ideas of how to make it work? 
>  
> If I have to, I will turn off shadowing for this application...
>  
> Examples of code would be greatly appreciated.
>  
> allen
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message