tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tracy Nelson" <>
Subject RE: Tomcat User Authentication
Date Fri, 29 Sep 2006 22:20:57 GMT
Doesn't look like there's a simple solution.  You can get an LDAP
adapter for RACF which should make it fairly easy to plug in a JAAS
adapter.  There's the CAS project (,
which provides enterprise-level single-sign-on, you can connect to that
via Acegi Security (  IBM makes a
product called WebSeal, don't know if you have money to spend on this or
not (they also make the LDAP RACF adapter).


I'd recommend getting the LDAP RACF adapter (no idea of cost) and
configuring a PAM for JAAS.  That's probably the easiest way.  If you
want to tackle a big project, bring in CAS and make it your enterprise
standard.  I think you'll still need the LDAP adapter, though, I didn't
see a native CAS to RACF bridge.  I also hear lots of good things about
Acegi Security, but I've never used it myself.  Worth a look, though.


Good luck!



Tracy Nelson / Nelnet Business Solutions

402 / 617-9449


From: Kevin Mullin [] 
Sent: Friday, 29 September, 2006 11:21
Subject: Tomcat User Authentication


Tomcat comes with a file, tomcat-users.xml, which is used for user
authentication and to determine what they can access.  We have our own
userid authentication process on our IBM mainframe computers which uses
something called RACF.  Is there a way to get Tomcat to use this
processs to determine proper userid and password authentication, in
addition to using its own tomcat-users.xml to determine what the
individual is capable of doing?

Kevin Mullin
Sr. Analyst
IBM Corporation
(206) 345-7068 



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message