tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Tomcat7 and SPNEGO configuration questions
Date Wed, 05 Jun 2013 20:12:36 GMT
Am 03.06.2013 20:48, schrieb Edward Siewick:
> Felix & Friends,
>
> I've made a fair amount of progress, though I'm still not able to log in with a domain
credential. The domain account ID doesn't appear in the Tomcat7 logging at all, though it
is in tomcat-users.xml. So I might now only be confused as to the syntax of: server.xml for
JAAS; the webapp's "realm" bits in web.xml for SPNEGO, or; tomcat-users.xml. I have tried
changing tomcat-users.xml to "OPENIDMDEV/esiewick", "COM.OPENIDMDEV/esiewick" and just "esiewick".
And, I've adjusted the Account ID in the Windows Security prompt to match each of these.
If I read your logs at the end of your mail correctly, I think you 
haven't gotten that far as to have authenticated an user. In my logs you 
could see an user00001 being authenticated. But I can't really tell you, 
why your user was not authenticated.

At https://issues.apache.org/bugzilla/show_bug.cgi?id=53480 I have 
described how I setup a tomcat with apacheds as a kerberos server. You 
might want to try that setup.

Regards
  Felix
>
> On the progress, here's some detail for the listserv archive.
>
> A first issue was how I was trying to get the CATALINA_OPTS set, so I should start with
a "Thank you" for nudging me on the CATALINA_OPTS bit. I had tried to add CATALINA_OPTS  to
the init.d script, which apparently was getting over-written later in the Tomcat7 startup
sequence. To correct, I simply added "-Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true"
to the bin/setenv.sh, vice the init.d script. After this, debug=true appeared properly in
the resulting process, below.
>
> ps ajx | grep tomc
> 27474 29541 29541 27446 pts/3    29541 S+       0   0:00 tail -f /var/log/tomcat7/catalina.out
>      1 29585 29571 27391 pts/0    29626 Sl       0   0:36 /usr/java/jre1.6.0_39/bin/java
>   -Djava.util.logging.config.file=/usr/share/tomcat7c/conf/logging.properties
>   -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>   -Xmx512m -XX:MaxPermSize=256m -XX:PermSize=256m
>   -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true
>   -Djava.endorsed.dirs=/usr/share/tomcat7c/endorsed
>   -classpath /usr/share/tomcat7c/bin/bootstrap.jar:/usr/share/tomcat7c/bin/tomcat-juli.jar
>   -Dcatalina.base=/usr/share/tomcat7c -Dcatalina.home=/usr/share/tomcat7c
>   -Djava.io.tmpdir=/usr/share/tomcat7c/temp org.apache.catalina.startup.Bootstrap start
>
> This changed the error logging, adding a clue that smelled like a crypto module limitation:
>
> Found unsupported keytype (18) for HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
>
> The trace was:
>
> Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache
is null isInitiator true KeyTab is /usr/share/tomcat7c/conf/tomcat7.keytab refreshKrb5Config
is false principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
>>>> KeyTabInputStream, readName(): OPENIDMDEV.COM
>>>> KeyTabInputStream, readName(): HTTP
>>>> KeyTabInputStream, readName(): openid-linux.openidmdev.com
>>>> KeyTab: load() entry length: 98; type: 18
> Found unsupported keytype (18) for HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
> Key for the principal HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM not available in
/usr/share/tomcat7c/conf/tomcat7.keytab
>                  [Krb5LoginModule] authentication failed
> Unable to obtain password from user
>
> In http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
> I found:
>
> "NOTE: The JCE framework within JDK includes an ability to enforce restrictions regarding
the cryptographic algorithms and maximum cryptographic strengths available to applications.
Such restrictions are specified in "jurisdiction policy files". The jurisdiction policy files
bundled in Java SE limits the maximum key length. Hence, in order to use AES256 encryption
type, you will need to install the JCE crypto policy with the unlimited version to allow AES
with 256-bit key."
>
> So, the second issue pertained to cryptography limitations set in /usr/java/jre1.6.0_39/lib/security/.
The tomcat7.keytab was created only with "aes256-cts-hmac-sha1-96" and the /etc/krb5.conf
has a likewise limited suite. The fix was to download Oracle's jce_policy-6.zip, unzip it,
and copy the "unlimited" versions of local_policy.jar and US_export_policy.jar into /usr/java/jre1.6.0_39/lib/security/.
>
> After the jce_policy-6.zip *.jar files were in place, I got:
>
> Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache
is null isInitiator true KeyTab is /usr/share/tomcat7c/conf/tomcat7.keytab refreshKrb5Config
is false principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
>>>> KeyTabInputStream, readName(): OPENIDMDEV.COM
>>>> KeyTabInputStream, readName(): HTTP
>>>> KeyTabInputStream, readName(): openid-linux.openidmdev.com
>>>> KeyTab: load() entry length: 98; type: 18
> Added key: 18version: 0
> Ordering keys wrt default_tkt_enctypes list
> default etypes for default_tkt_enctypes: 18.
> 0: EncryptionKey: keyType=18 kvno=0 keyValue (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
>>>> KdcAccessibility: reset
> default etypes for default_tkt_enctypes: 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=168
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=168
>>>> KrbKdcReq send: #bytes read=210
>>>> KrbKdcReq send: #bytes read=210
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:34 EDT 2013 1370279494000
>           suSec is 37310
>           error code is 25
>           error Message is Additional pre-authentication required
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           eData provided.
>           msgType is 30
>>>> Pre-Authentication Data:
>           PA-DATA type = 19
>           PA-ETYPE-INFO2 etype = 18
>           PA-ETYPE-INFO2 salt = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>           PA-ETYPE-INFO2 s2kparams = null
> AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
> Updated salt from pre-auth = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>>>> KrbAsReq salt is OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
> default etypes for default_tkt_enctypes: 18.
> Pre-Authenticaton: find key for etype = 18
> AS-REQ: Add PA_ENC_TIMESTAMP now
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> KrbKdcReq send: #bytes read=100
>>>> KrbKdcReq send: #bytes read=100
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:34 EDT 2013 1370279494000
>           suSec is 209191
>           error code is 52
>           error Message is Response too big for UDP, retry with TCP
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           msgType is 30
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com TCP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com TCP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> DEBUG: TCPClient reading 1611 bytes
>>>> KrbKdcReq send: #bytes read=1611
>>>> KrbKdcReq send: #bytes read=1611
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/openid-linux.openidmdev.com
> principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
> EncryptionKey: keyType=18 keyBytes (hex dump)=0000: F3 27 EC F5 C3 55 4D E0   01 F5 40
7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
> Added server's keyKerberos Principal HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COMKey
Version 0key EncryptionKey: keyType=18 keyBytes (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
>                  [Krb5LoginModule] added Krb5Principal  HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
to Subject
> Commit Succeeded
> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
> Found key for HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM(18)
> Entered Krb5Context.acceptSecContext with state=STATE_NEW
>                  [Krb5LoginModule]: Entering logout
>                  [Krb5LoginModule]: logged out Subject
> Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache
is null isInitiator true KeyTab is /usr/share/tomcat7c/conf/tomcat7.keytab refreshKrb5Config
is false principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
> KeyTab instance already exists
> Added key: 18version: 0
> Ordering keys wrt default_tkt_enctypes list
> default etypes for default_tkt_enctypes: 18.
> 0: EncryptionKey: keyType=18 kvno=0 keyValue (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
> default etypes for default_tkt_enctypes: 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=168
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=168
>>>> KrbKdcReq send: #bytes read=210
>>>> KrbKdcReq send: #bytes read=210
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:49 EDT 2013 1370279509000
>           suSec is 608182
>           error code is 25
>           error Message is Additional pre-authentication required
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           eData provided.
>           msgType is 30
>>>> Pre-Authentication Data:
>           PA-DATA type = 19
>           PA-ETYPE-INFO2 etype = 18
>           PA-ETYPE-INFO2 salt = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>           PA-ETYPE-INFO2 s2kparams = null
> AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
> Updated salt from pre-auth = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>>>> KrbAsReq salt is OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
> default etypes for default_tkt_enctypes: 18.
> Pre-Authenticaton: find key for etype = 18
> AS-REQ: Add PA_ENC_TIMESTAMP now
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> KrbKdcReq send: #bytes read=100
>>>> KrbKdcReq send: #bytes read=100
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:49 EDT 2013 1370279509000
>           suSec is 614041
>           error code is 52
>           error Message is Response too big for UDP, retry with TCP
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           msgType is 30
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com TCP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com TCP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> DEBUG: TCPClient reading 1611 bytes
>>>> KrbKdcReq send: #bytes read=1611
>>>> KrbKdcReq send: #bytes read=1611
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/openid-linux.openidmdev.com
> principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
> EncryptionKey: keyType=18 keyBytes (hex dump)=0000: F3 27 EC F5 C3 55 4D E0   01 F5 40
7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
> Added server's keyKerberos Principal HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COMKey
Version 0key EncryptionKey: keyType=18 keyBytes (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
>                  [Krb5LoginModule] added Krb5Principal  HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
to Subject
> Commit Succeeded
> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
> Found key for HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM(18)
> Entered Krb5Context.acceptSecContext with state=STATE_NEW
>                  [Krb5LoginModule]: Entering logout
>                  [Krb5LoginModule]: logged out Subject
> Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache
is null isInitiator true KeyTab is /usr/share/tomcat7c/conf/tomcat7.keytab refreshKrb5Config
is false principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
> KeyTab instance already exists
> Added key: 18version: 0
> Ordering keys wrt default_tkt_enctypes list
> default etypes for default_tkt_enctypes: 18.
> 0: EncryptionKey: keyType=18 kvno=0 keyValue (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
> default etypes for default_tkt_enctypes: 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=168
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=168
>>>> KrbKdcReq send: #bytes read=210
>>>> KrbKdcReq send: #bytes read=210
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:56 EDT 2013 1370279516000
>           suSec is 589895
>           error code is 25
>           error Message is Additional pre-authentication required
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           eData provided.
>           msgType is 30
>>>> Pre-Authentication Data:
>           PA-DATA type = 19
>           PA-ETYPE-INFO2 etype = 18
>           PA-ETYPE-INFO2 salt = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>           PA-ETYPE-INFO2 s2kparams = null
> AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
> Updated salt from pre-auth = OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
>>>> KrbAsReq salt is OPENIDMDEV.COMHTTPopenid-linux.openidmdev.com
> default etypes for default_tkt_enctypes: 18.
> Pre-Authenticaton: find key for etype = 18
> AS-REQ: Add PA_ENC_TIMESTAMP now
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com UDP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com UDP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> KrbKdcReq send: #bytes read=100
>>>> KrbKdcReq send: #bytes read=100
>>>> KdcAccessibility: remove openiddc.openidmdev.com:88
>>>> KDCRep: init() encoding tag is 126 req type is 11
>>>> KRBError:
>           sTime is Mon Jun 03 13:11:56 EDT 2013 1370279516000
>           suSec is 595755
>           error code is 52
>           error Message is Response too big for UDP, retry with TCP
>           realm is OPENIDMDEV.COM
>           sname is krbtgt/OPENIDMDEV.COM
>           msgType is 30
>>>> KrbKdcReq send: kdc=openiddc.openidmdev.com TCP:88, timeout=30000, number
of retries =3, #bytes=255
>>>> KDCCommunication: kdc=openiddc.openidmdev.com TCP:88, timeout=30000,Attempt
=1, #bytes=255
>>>> DEBUG: TCPClient reading 1611 bytes
>>>> KrbKdcReq send: #bytes read=1611
>>>> KrbKdcReq send: #bytes read=1611
>>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/openid-linux.openidmdev.com
> principal is HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
> EncryptionKey: keyType=18 keyBytes (hex dump)=0000: F3 27 EC F5 C3 55 4D E0   01 F5 40
7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
> Added server's keyKerberos Principal HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COMKey
Version 0key EncryptionKey: keyType=18 keyBytes (hex dump)=
> 0000: F3 27 EC F5 C3 55 4D E0   01 F5 40 7E DB 2F DB 0C  .'...UM...@../..
> 0010: F6 4C 17 56 91 A6 A6 D4   3C 4B 5A BE F6 41 49 07  .L.V....<KZ..AI.
>
>                  [Krb5LoginModule] added Krb5Principal  HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM
to Subject
> Commit Succeeded
> Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
> Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
> Found key for HTTP/openid-linux.openidmdev.com@OPENIDMDEV.COM(18)
> Entered Krb5Context.acceptSecContext with state=STATE_NEW
>                  [Krb5LoginModule]: Entering logout
>                  [Krb5LoginModule]: logged out Subject
>
>
> --
>
> ________________________________________
> From: Felix Schumacher [felix.schumacher@internetallee.de]
> Sent: Sunday, June 02, 2013 12:20 PM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat7 and SPNEGO configuration questions
>
> Hi Edward,
>
> a few more questions:
>
>    * What is your CATALINA_BASE and what CATALINA_HOME?
>    * Have you verified, that your options (set by your JAVA_OPTS) are
> really used by your tomcat installation?
>
> Greetings
>    Felix
>
> Am 31.05.2013 17:17, schrieb Edward Siewick:
>> Hi.
>>
>> I'm trying to get a baseline configuration working, following the http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html.
I'm apparently off in the weeds having missed something, though. So I'd really appreciate
a sanity check of my configuration, and the testcase I'm attempting.  I've got something messed
up, and I'm looking for guidance on what to check.
>>
>> Environment is:
>> Tomcat-7.0.33
>> Redhat RHEL 6.3
>> Linux openid-linux 2.6.32-279.el6.x86_64 #1 SMP Wed Jun 13 18:24:36 EDT 2012 x86_64
x86_64 x86_64 GNU/Linux
>>
>> AD is on a Win2008R2 server.
>> Client is MSIE on a Win2007 workstation. "Enable Integrated Windows Authentication"
is set to true.
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message