tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Tomcat and Windpws authentication
Date Mon, 01 Apr 2013 14:52:37 GMT
Hi list.

I have (re-)gone through the Tomcat 7 on-line documentation regarding Windows Domain 
authentication (variously designated in different places with acronyms such as WIA, 
SPNEGO, AD Authentication, with some additional sub-levels of NTLM (v1 and v2) and 
Kerberos), without finding ever a clear response to this question :

Which of the Valves, methods, third-party libraries etc. work for a Tomcat Linux host as 
well as for a Tomcat Windows host ?

>From the on-line documentation to be found on either the Tomcat site or on the Waffle
or on the "SPNEGO project at SourceForge", it is *not clear at all* if any of these work 
on a Tomcat Linux host "out of the box" or if they require additional software.
For example, the examples given for the SPNEGO Valve all refer only to a Tomcat hosted on

a Windows machine; other parts mention that the Tomcat host has to be "joined to the 
Windows Domain" - which to my knowledge under Linux would require at least Samba; other 
parts (Waffle) talk about using a native Windows library (which seems to imply that Tomcat

is running on a Windows host).  Maybe I am misunderstanding some of this, but none of the

above clearly say either "yes, it works under Linux" or "no, it doesn't".

Is there any way to get some clarification on this ?

I know that this is not easy to provide for any of the Tomcat committers or helpers on 
this list, because it requires a Linux Tomcat host with access to one or several Windows 
Domains, and the time to evaluate the various options.  (It is not any easier for me, 
which is why I am asking.)

But it seems to me that the documentation available at this point on the Tomcat site is 
unclear and - if some of these options do /not/ work under Linux - may cause people to 
lose a significant amount of time trying dead-ends.

I'll start the ball rolling : by personal experience, I do know that the third-party 
(commercial) Jespa library works in both cases (Tomcat hosted on Linux or Windows), with 
exactly the same configuration procedure, that it does not need any other external 
component or circumstance (apart from the free cifs.jar library from the Samba project), 
that it has a good and clear documentation, and that one can download it and test it for 
60 days for free.  On the other hand, it is not a <Realm>, it is not a <Valve>,
it is a 
Servlet Filter.

Can anyone provide similar clarification on the other options listed on the Tomcat website

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message