tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From הילה <hilavalen...@gmail.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 14:12:17 GMT
*As Andre says, the one you're using now seems to be rather buggy.  We have
been using the Microsoft driver for a few months now with no trouble, though
we're not using NTLM authentication with it, and the SQL we're using isn't
very demanding*

But does the Microsoft Driver has the ability to support windows
authentication?
If so, how is it implemented?

and by the way... what is the difference between this Microsoft JDBC driver,
to what discussed earlier in a different thread, of tomcat pool JDBC (which
use the tomcat-jdbc.jar file)? maybe i'm mixing two different stuff, but if
so- why does it called the same?

Thanks
Hila

>
>
>>
>> 2011/3/7 David kerber<dckerber@verizon.net>
>>
>>  On 3/7/2011 8:10 AM, הילה wrote:
>>>
>>>  Hey,
>>>> I cannot look for it in Microsoft, since the Java is of SUN, and the
>>>> implementation is on the Java side, not the SQL Microsoft side.
>>>>
>>>>
>>> Microsoft may have a jdbc driver you could use, though.
>>>
>>>
>>> D
>>>
>>>
>>>
>>>  Option no' 1 :]
>>>> User and password should not exist in clear text in the xml file.
>>>>
>>>> 2011/3/7 André Warnier<aw@ice-sa.com>
>>>>
>>>>  הילה wrote:
>>>>
>>>>>
>>>>>  I'm using Microsoft SQL Server 2008, latest SP.
>>>>>
>>>>>> the use of domain user is used with the jtds package, which allows
the
>>>>>> tomcat service to authenticate to the DB with the presence of native
>>>>>> SSPI
>>>>>> DLL called ntlmauth.dll
>>>>>> However, it generated a memory leak in the server. So I'm looking
for
>>>>>> alternatives.
>>>>>>
>>>>>>  So, the problem now, correctly stated, is :
>>>>>>
>>>>>>
>>>>> - does there exist a Java driver for SQL Server 2008, which allows for
>>>>> NTLM
>>>>> authentication with SQL Server, and does not have a memory leak ?
>>>>>
>>>>> (and I would think that Microsoft would be the place to look first)
>>>>>
>>>>>
>>>>> But it is still a bad solution with respect to security, agreed ?
>>>>>
>>>>> It would still be interesting to know in what exact terms you were
>>>>> given
>>>>> this task.
>>>>> Did they tell you
>>>>> - that the userid and password should in no circumstances be stored in
>>>>> clear in any file on the Tomcat server (even if this file cannot be
>>>>> accessed
>>>>> by anyone) ?
>>>>> - or did they tell you : our security scanner found a file containing
a
>>>>> user-id and password; this is not acceptable ?
>>>>> - or some other formulation ?
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message