tomcat-users mailing list archives

From André Warnier
Subject Re: Do any of the Tomcat LDAP-type realms support "no password" authentication?
Date Thu, 01 Dec 2011 09:14:27 GMT

wrote:
> Hi,
> I'm new here, and hope that someone can help.
> I was wondering if any of the LDAP-type realms (e.g., JNDIRealm, etc.) support an authentication
> mode where no password or credentials are required?  In other words, where just a userID/username
> is presented, and if that userID/username is present in the LDAP, then the user gets authenticated?

You have to be VERY specific here about what you mean, because this is a very delicate area.

If you mean : "does there exist any way by which Tomcat can authenticate a user, without 
forcing this user to go through a login dialog with userid and password ?"
then the answer is : yes, several (*).  But the applicability of each depends very much on
the exact circumstances.

If you mean : "does there exist any /standard/ authentication mechanism in Tomcat whereby,
/with/ a login dialog, the user could be authenticated without providing a password, 
although the authentication back-end (e.g. LDAP) has a non-empty password registered for 
that user ?"
then the answer is no, definitely.  Because such a mechanism would be a HUGE security 
hole, so it is certainly not provided as any standard authentication framework.
(which does not mean that you could not invent your own mechanism).

Also, when you are mentioning LDAP, do you really mean the standard LDAP (which is just 
basically a database, and is not per se an "authentication mechanism"), or do you mean 
"Windows domain authentication, backed up by an Active Directory server" ?
Or something else ?

There is so much variation possible here, that it may be better to describe what you want
to achieve really, rather than asking questions about this or that mechanism right away.

(*) for example, look here :
