From users-return-243053-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org Tue Aug 6 14:16:19 2013 Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9A49910417 for ; Tue, 6 Aug 2013 14:16:19 +0000 (UTC) Received: (qmail 90367 invoked by uid 500); 6 Aug 2013 14:16:15 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 90225 invoked by uid 500); 6 Aug 2013 14:16:15 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 89814 invoked by uid 99); 6 Aug 2013 14:16:14 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Aug 2013 14:16:14 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE X-Spam-Check-By: apache.org Received-SPF: error (nike.apache.org: local policy) Received: from [76.96.59.227] (HELO qmta12.westchester.pa.mail.comcast.net) (76.96.59.227) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Aug 2013 14:16:08 +0000 Received: from omta13.westchester.pa.mail.comcast.net ([76.96.62.52]) by qmta12.westchester.pa.mail.comcast.net with comcast id 9Pic1m00217dt5G5CSFTxF; Tue, 06 Aug 2013 14:15:27 +0000 Received: from Christophers-MacBook-Pro.local ([71.232.232.167]) by omta13.westchester.pa.mail.comcast.net with comcast id 9SFS1m00p3dMwMT3ZSFSS1; Tue, 06 Aug 2013 14:15:27 +0000 Message-ID: <52010500.9070608@christopherschultz.net> Date: Tue, 06 Aug 2013 10:15:28 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: LDAP/Realm with TLS in Tomcat 6/7? References: ,<5200DFC9.80009@gmail.com> In-Reply-To: X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1375798527; bh=tCQ1qrjk+3mw65t3YJQs51l8CmyPvmuTDDdSpLCAg2M=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=nZ1mL2Mp9/3LNXexI8TjpXey0cr4XJ95/uJRJXrhwS7MOBKEcNSlYdelavJsJrZV6 wQ4Vah9JtGURsy0jHrRwFY+SUEk12vfzNv0Xlgqi1ZskF3usZFNKPFmGWcXa4f7M6i 1jZP9sPftNYMFeCErVdAxGdhtYri5p7Xa6SKnMECPjVCte8U5RdKxNwIS9AtoogqWw 9jgojhxFA7sy8f5Mhd82Alc17OVfg8I/L9hPRB4xOVW4teLvG66lMx8CMoDU8FF2E3 9QxKBXAurvEKtLqFQ3WFMr2IPez/tmCQsxMS2zu4/CpYHscD4lDvmxSKwwklMm8Kza dKvqTw/jgVtLg== X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jens, Please ignore Martin's response, because: a) It incorrectly identifies the issue (Connector versus Realm) b) Gives you a link to outdated documentation (3 versions older) - -chris On 8/6/13 8:21 AM, Martin Gainty wrote: > you will need to supply any security credentials to that layer and > inform the connector you are using protocol="TLS" and match each > attribute to attribute from the supplied key package (.pfx/.p7b) > > http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.html > > HTH, Martin ______________________________________________ Verzicht > und Vertraulichkeitanmerkung/Note de déni et de confidentialité > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene > Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede > unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. > Diese Nachricht dient lediglich dem Austausch von Informationen und > entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten > Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den > Inhalt uebernehmen. > > Ce message est confidentiel et peut être privilégié. Si vous n'êtes > pas le destinataire prévu, nous te demandons avec bonté que pour > satisfaire informez l'expéditeur. N'importe quelle diffusion non > autorisée ou la copie de ceci est interdite. Ce message sert à > l'information seulement et n'aura pas n'importe quel effet > légalement obligatoire. Étant donné que les email peuvent > facilement être sujets à la manipulation, nous ne pouvons accepter > aucune responsabilité pour le contenu fourni. > > >> Date: Tue, 6 Aug 2013 13:36:41 +0200 From: >> ognjen.d.blagojevic@gmail.com To: users@tomcat.apache.org >> Subject: Re: LDAP/Realm with TLS in Tomcat 6/7? >> >> Jens, >> >> On 6.8.2013 12:44, Jens Neu wrote: >>> is there a lib/method/whatever to achieve Realm Auth in Tomcat >>> > 5.x where username/password are protected by TLS? >> >> I never tried it myself, but you might find these links useful: >> >> https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo >> https://issues.apache.org/bugzilla/show_bug.cgi?id=49785 >> https://www.mail-archive.com/users@tomcat.apache.org/msg80660.html >> >> >>> >> org.apache.catalina.realm.JNDIRealm works with Tomcat 5, but not in 6 :-( >> >> JNDIRealm should work just fine in any supported Tomcat version. >> If you have any problems with it, please report it here. >> >> BTW, if you are already upgrading, you may consider to upgrade >> directly to latest Tomcat 7, to save yourself from doing two >> upgrades. >> >> -Ognjen >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSAQUAAAoJEBzwKT+lPKRYb/AQAKCewt4vbjJy+VwB2cMv5lWo 7XckXggeq/G4H8x4JgJ1ylTqYUwZaHa3AtClucjyfuORbW1SYioW5SJIvDiSC80k zXbeEpcBPRMHrofCYCwONYNH/bnIy+Z1Q7xL6JMjoiDrRSjADBSr/v8BJUF1Frnj SIxo6PfyWFrTVmHdZz9IWDrYy14k88a1jPl6Jo42xnq18oV5CnHbCVKBx4tEpDF2 lOmPgxjmmNbJ+IJjUJfWpTGm1KIuKl4W56reMTYrmgOolG7CCAbbxkV3SGSB+HRI xoI2TzMvrzDjMnNPdZoOoMhH594zVqsAtTKiUnPoWWoIYMKMw+hZJEy2aGVudhhe EC3q3+riwq36oGcrmWLfXlfKTt7hgoYhSxhV/ZEOWU2W73nj6pZjY89NZqhZvC+S cdzKuFxYf5kMk7P2IqaNLyfpw9a0unZ9UxHEnPy1NHetPL/BMp8h39xJdtSyZw// DTFSrfinua1rNvXbLplenmVGlk6eQYu/Ps63cpVOFy14xjcq2a1mThnYNWhp+Mbb kszeIxs1+vVDpH49b9kcZZYjuWrLbB3/0dBxiVnN99Yr2rq8lFUFZQ0b140jZ6AY LDPy3R4eyQR8/x68LrMXPRpiTomCQalsKeoN6HlFgZzPyzf6zU0WaNEWytQp1ksD YoLHmw6IFCtof0hTUxkZ =Ws3u -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org