tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: very basic question about apache and tomcat
Date Fri, 21 Sep 2012 15:03:18 GMT
I've never tried with Tomcat, but it's not hard to get other Unix
applications to authenticate against the Kerberos component of ADS.  I
logon to Linux every day with ADS credentials, using Kerberos.

o  Browsers will need to be set up to use GSSAPI authentication with
   the affected site.  There's a plugin for Firefox that helps to
   manage the way it does this, where it's called Integrated
   Authentication for some reason.  I don't know how to manage that in
   IE since there isn't an IE for Linux. :-/

o  The server will need to offer GSSAPI authentication and know how to
   validate tickets.  A lot of that is standard JRE equipment.
   http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
   looks like good information on gluing it into Tomcat.

If I were doing this, I'd first stop thinking of it as Windows or ADS
authentication and think in terms of GSSAPI/Kerberos.

Searching for "firefox kerberos authentication" showed me a lot of
hits that might help you on the client side.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

Mime
View raw message