tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Smoak" <wsm...@gmail.com>
Subject Re: Does using Kerberos with Tomcat reduce my security?
Date Tue, 29 Aug 2006 19:20:29 GMT
On 8/29/06, David Smith <dns4@cornell.edu> wrote:
> I know this is a later response, but better late than never.
>
> Strictly and technically speaking, your Kerberos JAAS realm is weakening
> the the intense security offered by kerberos.

... and whatever you do, DO NOT turn the <realm> debug level up above
2 or JAASCallbackHandler will happily log Kerberos passwords in plain
text.

-- 
Wendy
http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatJAASRealm

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message