From: Tim Funk
Date: Sun, 09 Nov 2003 10:36:57 -0500
To: Tomcat Users List
Subject: Re: LDAP Configuration And Passwords
Message-ID: <3FAE5F19.7070303@joedog.org>
In-Reply-To: <83DD1986DE996945886399CF2A3B5F7C06F32E@vsti01.vsti.local>

You can extend JNDIRealm on your own to create your own authentication. The ideal solution is to read protect server.xml so only the appropriate parties are allowed to read it.
Anything else is "insecure." (Except having someone type in a password at start up, which Tomcat doesn't have the functionality for.)

-Tim

Edwin K. Brown wrote:
> Hello,
> I have set up Tomcat in the standalone mode to do user authorization by using LDAP.
>
> We don't allow anonymous browsing of the LDAP tree, so the connectionUser and connectionPassword attributes have to be used in the JNDIRealm configuration.
>
> However, for obvious reasons, having the user name and password in the server.xml file is not a good idea.
>
> Is there any other way to address this problem?
>
> Thank you.
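
One way to check the read protection of server.xml discussed in this thread, as an added example that is not part of the original messages. It assumes an owner-only policy (the account Tomcat runs as owns the file); the function names and the sample Realm values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumed policy: only the file's owner (the account Tomcat runs as) may read it.

# audit_server_xml FILE
#   0 = no bind password in the file, or file is owner-only
#   1 = connectionPassword present and group or others can read the file
#   2 = file not found
audit_server_xml() {
    f=$1
    [ -f "$f" ] || return 2
    # Nothing to protect if the realm has no bind password configured here.
    grep -q 'connectionPassword[[:space:]]*=' "$f" || return 0
    mode=$(ls -ld "$f" | cut -c1-10)          # e.g. -rw-r--r--
    grp=$(printf '%s' "$mode" | cut -c5)      # group read bit
    oth=$(printf '%s' "$mode" | cut -c8)      # others read bit
    if [ "$grp" = r ] || [ "$oth" = r ]; then
        echo "WEAK $mode $f" >&2
        return 1
    fi
    return 0
}

# protect_server_xml FILE: owner read/write only.
protect_server_xml() { chmod 600 "$1"; }

# write_sample FILE: constructed server.xml fragment, world-readable on purpose.
write_sample() {
    cat > "$1" <<'EOF'
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.invalid:389"
       connectionName="cn=tomcat,dc=example,dc=invalid"
       connectionPassword="CONSTRUCTED-PLACEHOLDER"/>
EOF
    chmod 644 "$1"
}

# Demo on a throwaway copy; prints the audit result before and after the fix.
tmp=$(mktemp -d)
write_sample "$tmp/server.xml"
rc=0; audit_server_xml "$tmp/server.xml" || rc=$?
echo "before: $rc"
protect_server_xml "$tmp/server.xml"
rc=0; audit_server_xml "$tmp/server.xml" || rc=$?
echo "after: $rc"
rm -rf "$tmp"
```

If a group legitimately needs read access, relax the group check and the `chmod` mode together so the audit matches the policy actually in force.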