tomcat-users mailing list archives

From Stéphanie Cettou <s.cet...@gmail.com>
Subject Re: Windows Local user Login
Date Thu, 01 Apr 2010 07:12:01 GMT
No, I'm not sure what I want... the only thing that is sure is my mandatory
(and optional) rules... but I don't know how I will make this...
I asked about the Windows local user while for me it is simpler to create
a local user than to install a new server with Active Directory... but if it is
necessary (or best) I can install it.
Now, I am writing to understand which solution I must take...

So:
- the webapp is running in a Microsoft Windows 2003 Server environment.
Active Directory is NOT used on this server.
- I don't know what I'm doing... but nobody here can do this... I must learn it.
- Actually the users authenticate with user/passwords/roles in a SQL
2000 database. I use
<Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="net.sourceforge.jtds.jdbc.Driver"
             connectionURL="jdbc:jtds:sqlserver://acer1/ServiceCenter;user=sa;password=sa;namedPipe=true"
             userTable="Users" userNameCol="UserId" userCredCol="Password"
             userRoleTable="UsersFeatures" roleNameCol="FeatureID" />

like standard Tomcat authentication. But I need to change it to
implement my goal.

a) Do you have AD already? No
b) Do you have to authenticate against local Microsoft Windows User
DB? not mandatory
c) Can you use your own database? Yes (but I must implement
complex authentication)

Thank you very much Christopher for your help!

Stéphanie



2010/3/31 Christopher Schultz <chris@christopherschultz.net>:
> Stéphanie,
>
> It sounds to me like you're not sure what you want. Your original
> message was asking about how to authenticate against a local Microsoft
> Windows user database (that is, NOT ActiveDirectory, which should be
> trivial). Now it sounds like you want to enforce all kinds of
> constraints on passwords, etc.
>
> Let's solve one problem at a time.
>
> On 3/31/2010 11:25 AM, Stéphanie Cettou wrote:
>> I have a JSP application and Tomcat 5.5.
>>
>> my goal is to implement a login for this application with these mandatory rules:
>
> You can deal with password complexity once you've decided how your
> passwords will be stored and how they will be set.
>
> For example, typically when authenticating against ActiveDirectory, the
> webapp itself does not provide a way to change an AD password. When
> passwords are set is the appropriate time to check for required
> complexity. Password expiration should also be done by some other means:
> Authentication just checks credentials.
>
>> The user must be able to connect from several PCs; the final application is on
>> a Windows 2003 server.
>
> So, you have the webapp running in a Microsoft Windows 2003 Server
> environment: good to know. Is ActiveDirectory being used in this
> environment? If so, use it. If not, don't set up AD just for your webapp.
>
>> I don't know if I can use Active Directory (create a new Active
>> Directory only for this application = install a new server), or other
>> things...
>> I don't know if I need to implement this in Java, or if an existing
>> solution is ready...
>
> An existing solution is probably already available... in Java.
>
>> I don't have a lot of knowledge of Active Directory, Tomcat, NTLM or
>> Kerberos, ....
>
> If you don't know what you're doing, I highly recommend that you find
> someone who does and make this their job to do.
>
>> I need to be sure to choose the good solution for all points of my goal
>> while I can't spend a lot of time, and I can't change my solution
>> later...
>
> Do you have a user database against which you'd like to authenticate
> users? If that database is separate from Microsoft Windows (say, a
> RDBMS), then you don't have to mess with AD/NTLM/whatever: just use one
> of the standard Tomcat realms to do authentication for you. If you
> *must* use the Microsoft Windows user database, then you should look for
> a Java product that can authenticate against such a database.
>
> So, which is it:
>
> a) Do you have AD already?
> b) Do you have to authenticate against local Microsoft Windows User DB?
> c) Can you use your own database?
>
> I'm still not really clear on what your situation is.
>
>> can you give me more information, please? I don't have enough
>> knowledge to choose the simplest and best solution now...
>
> You are asking about implementing user authentication, which is
> typically an integral part of your security policy. If you don't
> understand what you are doing, anyone could give you horrible advice. My
> advice is to make sure you understand what you're doing before you do it.
>
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
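
The standard-realm approach discussed in this thread, applied to the JDBCRealm quoted in the message, as an added configuration example that is not part of the original e-mails. The login name `tomcat_realm`, the placeholder password and the choice of SHA-256 are assumptions; the table and column names are the ones from the message.

```xml
<!--
  Added example (not from the thread). Differences from the Realm in the message:

  1. The database login is no longer "sa". The realm only needs SELECT on the
     user and role tables, so it gets its own read-only SQL Server login
     (hypothetical name: tomcat_realm).
  2. The login is supplied through connectionName / connectionPassword
     instead of being embedded in the JDBC URL, so the URL can appear in logs
     and error messages without carrying credentials.
  3. digest="SHA-256" makes the realm hash the submitted password and compare
     it with the hex digest stored in Users.Password, so the column no longer
     holds clear-text passwords. The code that sets or changes a password
     must store the same digest, and that is also the place to enforce
     complexity rules; the realm itself only checks credentials.
     The realm digest is a single unsalted hash: better than clear text,
     but not a substitute for protecting the table itself.

  JDBCRealm expects the user-name column (UserId here) to exist under the
  same name in both Users and UsersFeatures.
-->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="net.sourceforge.jtds.jdbc.Driver"
       connectionURL="jdbc:jtds:sqlserver://acer1/ServiceCenter;namedPipe=true"
       connectionName="tomcat_realm"
       connectionPassword="REPLACE_WITH_REALM_LOGIN_PASSWORD"
       digest="SHA-256"
       userTable="Users" userNameCol="UserId" userCredCol="Password"
       userRoleTable="UsersFeatures" roleNameCol="FeatureID" />
```

Existing clear-text values in the credential column have to be converted to their digests before `digest` is switched on, otherwise every login fails.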

