tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: Adding NTLM Auth to the Entire tomcat instance
Date Thu, 25 Oct 2007 15:19:16 GMT
Peter Kahn wrote:
> Can someone let me know how to setup NTLM authentication such that all
> access to tomcat is restricted to users in a specific group?
> 
> I have an instance of tomcat and it is serving several opengrok web apps.
> Each opengrop app is pointing at a different source tree.  I want to
> restrict access to all of these webapps to a specific group of users.
> 
> When I offer php based webapps and restrict them to a group of users, I use
> apache2 authentication with a perl based NTLM extension.  Since tomcat is
> running on a different port,   I tried binding tomcat to localhost or
> loopback only and then used the proxy directive from apache2 to the offer
> the applications to users on my lan.  This worked, but the NTLM auth failed
> when I added it in.  I see my options as:
>   a) get apache auth to work via the proxy
>   b) forget apache auth and have tomcat handle the authentication.

If you use the AJP connector with mod_jk (or in Apache 2.2,
mod_proxy_ajp) you can continue to front your application with HTTPD
NTLM authentication.

Set the tomcatAuthentication connector attribute to false, as per:

http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html

p


> I looked around the docs, googling here and there but most authentication
> appeared to be at the individual web application level and not for the
> entire instance.
>   - Is authentication at the entire tomcat instance level a practice that
> people do?
>   - Is there a standard way to tie it into NTLM?
> 
> So, can you send me links or advice if you happen to know of a good resource
> for issue or see that I'm approaching in a needlessly difficult way?  Thanks
> 
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message