Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D0563B6B9 for ; Fri, 6 Jan 2012 15:15:52 +0000 (UTC) Received: (qmail 52449 invoked by uid 500); 6 Jan 2012 15:15:49 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 52282 invoked by uid 500); 6 Jan 2012 15:15:44 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 52232 invoked by uid 99); 6 Jan 2012 15:15:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jan 2012 15:15:43 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sigzero@gmail.com designates 209.85.161.173 as permitted sender) Received: from [209.85.161.173] (HELO mail-gx0-f173.google.com) (209.85.161.173) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jan 2012 15:15:37 +0000 Received: by ggnk1 with SMTP id k1so847835ggn.18 for ; Fri, 06 Jan 2012 07:15:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=eytOpJJVb/BR98Qd4+oqqps6+/VsA/4NkNLZTO86Kf0=; b=iBC6OQG+IgKMqL9B7vJrbssxKNGGqVcHEDKFjMqsbt4k8luZjYkst31YwJBggsQvjz 78ERQn+LHbLuDYJnTb9DeVWzBdNbOcRp82I/RNxOwTmXat8URtP65KbtSd4m7PQxFSCd svwLx4CJW+4wanMKRAUxnYyYpYd/djNSfdURg= Received: by 10.50.51.199 with SMTP id m7mr8208126igo.23.1325862917217; Fri, 06 Jan 2012 07:15:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.231.12.71 with HTTP; Fri, 6 Jan 2012 07:14:46 -0800 (PST) In-Reply-To: <4F070F29.1010006@ice-sa.com> References: <4F070F29.1010006@ice-sa.com> From: sigzero Date: Fri, 6 Jan 2012 10:14:46 -0500 Message-ID: Subject: Re: Tomcat and LDAP (handling password expiration) To: Tomcat Users List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Fri, Jan 6, 2012 at 10:11 AM, Andr=E9 Warnier wrote: > sigzero wrote: >> >> The scenario is that Tomcat (6) is sitting on Windows and it talks to >> an LDAP server sitting on Linux (RHEL). What is the best way to handle >> the Tomcat LDAP account password expiring? I know that the password >> needs to change on the LDAP and the Tomcat server.xml file needs to be >> updated. I see no go way to automate that and the only workaround that >> I see is to have the Tomcat LDAP account password not expire. >> > That is indeed the solution we had to get several of our customers to agr= ee > to. > In general, that is a called a "service account" in sysadmin/netadmin > parlance, and it generally means some paperwork.. > Totally agree...security folks don't like that answer too much. I am just doing some ground work to say "this is the way it is". Thanks, Bob --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org