Tomcat Security/Service question..

[Joe Siebenmann <jo...@yahoo.com>]

Hi All,

Basically, I have a Tomcat Service that has a "Service User"
with a User name and Password, and it's in the Administrator's
Group.

Using WMI, one of the Servlets can connect to a remote machine
and do WMI quires.

Here is the problem..  When I start the Service, that uses tomcat5.exe,
it can connect okay, but the WMI query fails, but when I CD into
Webserver\bin and do a "catalina run" then everything works great,
it connects and any query works perfectly!

I realize that there are a ton of Windows Security issues involved
with connecting to a remote machine, and doing any query using WMI, and
I'm already investigating that, but when the exact same code, running
on the Service has problems, but using "catalina run" magically
works, tells me that something else is going on..

I'm running around in circles looking at Access Tokens, Security
Descriptors, etc. and not getting anywhere.

Why does everything "work" when I use "catalina run"?
It has to be more than "it's using my user credentials when I
do 'catalina run'"..  The Service User is in the Administrator's
Group.

If anyone has any insight on why this is happening, and if there
is some way to make everything work using the tomcat5.exe Service,
I'd really appreciate hearing from you.


Thanks,

Joe Siebenmann  


      ____________________________________________________________________________________
Get easy, one-click access to your favorites. 
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat Security/Service question..

[br1 <my...@myrealbox.com>]

Joe,

I would try running the service under your credentials. If it works, it's
not a Tomcat problem.

In general, the user has to be recognized both by the local machine and by
the remote machines that you are trying to query. The "service user" you are
using might not have the necessary rights on the remote machines.
You can try creating a local user with the same name and password on each
target machine, or simply use a domain user for this job.

Hope it helps,
b.


Joe Siebenmann wrote:
> 
> Hi All,
> 
> Basically, I have a Tomcat Service that has a "Service User"
> with a User name and Password, and it's in the Administrator's
> Group.
> 
> Using WMI, one of the Servlets can connect to a remote machine
> and do WMI quires.
> 
> Here is the problem..  When I start the Service, that uses tomcat5.exe,
> it can connect okay, but the WMI query fails, but when I CD into
> Webserver\bin and do a "catalina run" then everything works great,
> it connects and any query works perfectly!
> 
> I realize that there are a ton of Windows Security issues involved
> with connecting to a remote machine, and doing any query using WMI, and
> I'm already investigating that, but when the exact same code, running
> on the Service has problems, but using "catalina run" magically
> works, tells me that something else is going on..
> 
> I'm running around in circles looking at Access Tokens, Security
> Descriptors, etc. and not getting anywhere.
> 
> Why does everything "work" when I use "catalina run"?
> It has to be more than "it's using my user credentials when I
> do 'catalina run'"..  The Service User is in the Administrator's
> Group.
> 
> If anyone has any insight on why this is happening, and if there
> is some way to make everything work using the tomcat5.exe Service,
> I'd really appreciate hearing from you.
> 
> 
> Thanks,
> 
> Joe Siebenmann 
> 
> 

-- 
View this message in context: http://www.nabble.com/Tomcat-Security-Service-question..-tf4899459.html#a14036850
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org