You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Nikhil <mn...@gmail.com> on 2008/07/14 12:52:20 UTC
[users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
On Mon, Jul 14, 2008 at 2:39 PM, Rainer Jung <ra...@kippdata.de>
wrote:
>
>> First of all 5.5.12 is very outdated and also very early in the 5.5
> release cycle.
>
> You need to add 'tomcatAuthentication="false"' in the Connector element for
> your AJP connector. The connector you showed us above is
>
> - an https connector
> - a comment and not active
>
> At least two good reasons, why this is not the right one. The AJP Connector
> is the one, which uses port 8009 in the default configuration and which you
> can identify by 'protocol="AJP/1.3"'.
>
>
> Regards,
>
> Rainer
>
Oops.. here is the http connector line in my configuration:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="64080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Thanks Rainer. I will try out the later releases.. may be tomcat6 itself.
Nikhil
Re: [users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nick Kew <ni...@webthing.com>.
On Mon, 14 Jul 2008 19:14:02 +0530
Nikhil <mn...@gmail.com> wrote:
> On Mon, Jul 14, 2008 at 5:00 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
No he didn't. Well, not in users@httpd.
Please don't add this list when following up to a post on a different
list. It's just confusing.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Wed, Jul 16, 2008 at 8:06 PM, Rainer Jung <ra...@kippdata.de>
wrote:
> Thanks Rainer. If I want to explicitly pass an environment variable from
>> the httpd to the tomcat, I am using the RequestHeader, JkEnvVar, Setenv
>> but
>> unable to have them as it is passed in the tomcat... how do I go about
>> that?
>> While I am completely convinced to use getRemoteUser() method only for
>> getting the authenticated principal...
>>
>
> If you've already set a value in some variable "xxx", then you configure
>
> JkEnvVar xxx
>
> On the Tomcat side, you retrieve the value by request.getAttribute("xxx");
>
>
> Regards,
>
> Rainer
>
Thanks Rainer.
SetHandler jakarta-servlet
SetEnv JK_WORKER_NAME my-tomcat
JkEnvVar REMOTE_USER
This is working now... I am able to read the REMOTE_USER variable via
getAttribute method.
I was blindly using two arguments to JkEnvVar earlier.
Thanks a lot for all the patience and help!. :-)
Regards, Nikhil
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
> Thanks Rainer. If I want to explicitly pass an environment variable from
> the httpd to the tomcat, I am using the RequestHeader, JkEnvVar, Setenv but
> unable to have them as it is passed in the tomcat... how do I go about
> that?
> While I am completely convinced to use getRemoteUser() method only for
> getting the authenticated principal...
If you've already set a value in some variable "xxx", then you configure
JkEnvVar xxx
On the Tomcat side, you retrieve the value by request.getAttribute("xxx");
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Wed, Jul 16, 2008 at 3:22 PM, Rainer Jung <ra...@kippdata.de>
wrote:
> Nikhil schrieb:
>
> On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <ra...@kippdata.de>
>> wrote:
>>
>> To repeat two of my questions:
>>>
>>> What do you expect to be the value of the 'REMOTE_USER' variable?
>>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>>>
>>> After I understand that, we can find an appropriate solution.
>>>
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>>>
>> Hi Rainer,
>>
>> REMOTE_USER variable value is always expected to be as set by the httpd
>> process and passed onto the tomcat.
>>
>>> Do you expect something else, than what you get from
>>>>
>>> request.getRemoteUser()?
>> No, but I would not want to have this method invoked everytime I want to
>> know a logged in account instead an already set (global) variable value
>> (preferrably by httpd and passed onto the tomcat) would do.
>>
>
> OK. REMOTE_USER goes back to the times oF CGI. At that time the web server
> could only pass along information to the CGI process via environmnt
> variables, because it had to start an external process for doing CGI.
>
> The servlet spec tries to make the same information available in the
> context of a java web container. The correct way of retrieving the name of
> the authenticated user from the container *is* request.getRemoteUser(). In
> java you would nearly always implement a "global variable" as a member of
> some object, which you retrieve via a getter function.
> request.getRemoteUser() is the right and standards conforming way to do it.
>
> When the web container has a web server in front, e.g. Apache httpd and a
> connection component like mod_jk, usually the combination tries to hide the
> information, that the architecture is more complex, from the webapp
> developer. So Apache/mod_jk/Tomcat correctly configured provide the user
> name authenticated by httpd to the webapp in exactly the same way, as it
> would be seen without Apache and mod_jk. That way the developer doesn't have
> to know the details. So using request.gerRemoteUser() still is the correct
> way.
>
> The only thing to configure is tomcatAuthentiction="false" in order to tell
> Tomcat to trust the authentication done by Apache and not try to do
> authentication itself.
>
>
> Regards,
>
> Rainer
>
Thanks Rainer. If I want to explicitly pass an environment variable from
the httpd to the tomcat, I am using the RequestHeader, JkEnvVar, Setenv but
unable to have them as it is passed in the tomcat... how do I go about
that?
While I am completely convinced to use getRemoteUser() method only for
getting the authenticated principal...
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
Thanks for the explanation, Rainer. Fine, I am going with using the method
only then...
Regards,
Nikhil
On Wed, Jul 16, 2008 at 3:22 PM, Rainer Jung <ra...@kippdata.de>
wrote:
> Nikhil schrieb:
>
> On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <ra...@kippdata.de>
>> wrote:
>>
>> To repeat two of my questions:
>>>
>>> What do you expect to be the value of the 'REMOTE_USER' variable?
>>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>>>
>>> After I understand that, we can find an appropriate solution.
>>>
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>>>
>> Hi Rainer,
>>
>> REMOTE_USER variable value is always expected to be as set by the httpd
>> process and passed onto the tomcat.
>>
>>> Do you expect something else, than what you get from
>>>>
>>> request.getRemoteUser()?
>> No, but I would not want to have this method invoked everytime I want to
>> know a logged in account instead an already set (global) variable value
>> (preferrably by httpd and passed onto the tomcat) would do.
>>
>
> OK. REMOTE_USER goes back to the times oF CGI. At that time the web server
> could only pass along information to the CGI process via environmnt
> variables, because it had to start an external process for doing CGI.
>
> The servlet spec tries to make the same information available in the
> context of a java web container. The correct way of retrieving the name of
> the authenticated user from the container *is* request.getRemoteUser(). In
> java you would nearly always implement a "global variable" as a member of
> some object, which you retrieve via a getter function.
> request.getRemoteUser() is the right and standards conforming way to do it.
>
> When the web container has a web server in front, e.g. Apache httpd and a
> connection component like mod_jk, usually the combination tries to hide the
> information, that the architecture is more complex, from the webapp
> developer. So Apache/mod_jk/Tomcat correctly configured provide the user
> name authenticated by httpd to the webapp in exactly the same way, as it
> would be seen without Apache and mod_jk. That way the developer doesn't have
> to know the details. So using request.gerRemoteUser() still is the correct
> way.
>
> The only thing to configure is tomcatAuthentiction="false" in order to tell
> Tomcat to trust the authentication done by Apache and not try to do
> authentication itself.
>
>
> Regards,
>
> Rainer
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Nikhil
Google is Great !
Re: websession variables
Posted by Hassan Schroeder <ha...@gmail.com>.
On Wed, Jul 16, 2008 at 6:18 AM, Marcos <mm...@adinet.com.uy> wrote:
> Somebody knows how can i setup the timeout for websession variables in tomcat
> 5.5 ?
> i know i can change this in .xml configuration file, but, i want to do it
> by program, script or something ?
> Is it possible ?
See the Servlet API for HttpSession.
HTH,
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
websession variables
Posted by Marcos <mm...@adinet.com.uy>.
Hi
Somebody knows how can i setup the timeout for websession variables in tomcat
5.5 ?
i know i can change this in .xml configuration file, but, i want to do it
by program, script or something ?
Is it possible ?
thanks.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
Nikhil schrieb:
> On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
>
>> To repeat two of my questions:
>>
>> What do you expect to be the value of the 'REMOTE_USER' variable?
>>
>> Do you expect something else, than what you get from
>> request.getRemoteUser()?
>>
>> After I understand that, we can find an appropriate solution.
>>
>>
>> Regards,
>>
>> Rainer
>>
>
> Hi Rainer,
>
> REMOTE_USER variable value is always expected to be as set by the httpd
> process and passed onto the tomcat.
>>> Do you expect something else, than what you get from
> request.getRemoteUser()?
> No, but I would not want to have this method invoked everytime I want to
> know a logged in account instead an already set (global) variable value
> (preferrably by httpd and passed onto the tomcat) would do.
OK. REMOTE_USER goes back to the times oF CGI. At that time the web
server could only pass along information to the CGI process via
environmnt variables, because it had to start an external process for
doing CGI.
The servlet spec tries to make the same information available in the
context of a java web container. The correct way of retrieving the name
of the authenticated user from the container *is*
request.getRemoteUser(). In java you would nearly always implement a
"global variable" as a member of some object, which you retrieve via a
getter function. request.getRemoteUser() is the right and standards
conforming way to do it.
When the web container has a web server in front, e.g. Apache httpd and
a connection component like mod_jk, usually the combination tries to
hide the information, that the architecture is more complex, from the
webapp developer. So Apache/mod_jk/Tomcat correctly configured provide
the user name authenticated by httpd to the webapp in exactly the same
way, as it would be seen without Apache and mod_jk. That way the
developer doesn't have to know the details. So using
request.gerRemoteUser() still is the correct way.
The only thing to configure is tomcatAuthentiction="false" in order to
tell Tomcat to trust the authentication done by Apache and not try to do
authentication itself.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <ra...@kippdata.de>
wrote:
>
> To repeat two of my questions:
>
> What do you expect to be the value of the 'REMOTE_USER' variable?
>
> Do you expect something else, than what you get from
> request.getRemoteUser()?
>
> After I understand that, we can find an appropriate solution.
>
>
> Regards,
>
> Rainer
>
Hi Rainer,
REMOTE_USER variable value is always expected to be as set by the httpd
process and passed onto the tomcat.
>>Do you expect something else, than what you get from
request.getRemoteUser()?
No, but I would not want to have this method invoked everytime I want to
know a logged in account instead an already set (global) variable value
(preferrably by httpd and passed onto the tomcat) would do.
Regards, Nikhil
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
Nikhil schrieb:
> On Tue, Jul 15, 2008 at 6:35 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
>
> What do you expect to be the value of the 'REMOTE_USER' variable? Do you
>> expoect something else, than what you get from request.getRemoteUser()? What
>> do you mean by variable? Maybe an httpd environment Variable?
>>
>>
> Precisely. I also need the httpd environment variable REMOTE_USER also
> passed to the tomcat .... I have this in my httpd.conf ... and I am reading
> all the environment variables(apart from the headers) in the jsp but have
> these values set to null... am I missing anything specific with these
> directives?
>
>
> SetHandler jakarta-servlet
> RequestHeader set X_REMOTE_USER %{RU}e
> SetEnv SET_REMOTE_USER %{REMOTE_USER}e
> JkEnvVar JK_REMOTE_USER %{remoteUser}e
To repeat two of my questions:
What do you expect to be the value of the 'REMOTE_USER' variable?
Do you expect something else, than what you get from
request.getRemoteUser()?
After I understand that, we can find an appropriate solution.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
I tried using both getAttribute methods and getHeaderNames/getHeaders
methods but unfortunately the variables are set to null
On Wed, Jul 16, 2008 at 2:01 PM, André Warnier <aw...@ice-sa.com> wrote:
> Nikhil wrote:
>
>> On Tue, Jul 15, 2008 at 6:35 PM, Rainer Jung <ra...@kippdata.de>
>> wrote:
>>
>> What do you expect to be the value of the 'REMOTE_USER' variable? Do you
>>
>>> expoect something else, than what you get from request.getRemoteUser()?
>>> What
>>> do you mean by variable? Maybe an httpd environment Variable?
>>>
>>>
>>> Precisely. I also need the httpd environment variable REMOTE_USER also
>> passed to the tomcat .... I have this in my httpd.conf ... and I am
>> reading
>> all the environment variables(apart from the headers) in the jsp but have
>> these values set to null... am I missing anything specific with these
>> directives?
>>
>>
>> SetHandler jakarta-servlet
>> RequestHeader set X_REMOTE_USER %{RU}e
>> SetEnv SET_REMOTE_USER %{REMOTE_USER}e
>> JkEnvVar JK_REMOTE_USER %{remoteUser}e
>>
>> As far as I know, REMOTE_USER is a *http header* of the request, added
> automatically by the browser if the user is authenticated. And as all http
> request headers, it is always passed on to Tomcat.
> At the Tomcat level, you can retrieve it like any other http header (I
> don't remember the precise way).
> But this has nothing to do with "environment values".
> In other words, you do not really need to mess around with environment
> values in Apache/Tomcat (like above), just retrieve the corresponding http
> header, it should already be there.
> No ?
>
> André
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Nikhil
Google is Great !
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by André Warnier <aw...@ice-sa.com>.
Nikhil wrote:
> On Tue, Jul 15, 2008 at 6:35 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
>
> What do you expect to be the value of the 'REMOTE_USER' variable? Do you
>> expoect something else, than what you get from request.getRemoteUser()? What
>> do you mean by variable? Maybe an httpd environment Variable?
>>
>>
> Precisely. I also need the httpd environment variable REMOTE_USER also
> passed to the tomcat .... I have this in my httpd.conf ... and I am reading
> all the environment variables(apart from the headers) in the jsp but have
> these values set to null... am I missing anything specific with these
> directives?
>
>
> SetHandler jakarta-servlet
> RequestHeader set X_REMOTE_USER %{RU}e
> SetEnv SET_REMOTE_USER %{REMOTE_USER}e
> JkEnvVar JK_REMOTE_USER %{remoteUser}e
>
As far as I know, REMOTE_USER is a *http header* of the request, added
automatically by the browser if the user is authenticated. And as all
http request headers, it is always passed on to Tomcat.
At the Tomcat level, you can retrieve it like any other http header (I
don't remember the precise way).
But this has nothing to do with "environment values".
In other words, you do not really need to mess around with environment
values in Apache/Tomcat (like above), just retrieve the corresponding
http header, it should already be there.
No ?
André
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Tue, Jul 15, 2008 at 6:35 PM, Rainer Jung <ra...@kippdata.de>
wrote:
What do you expect to be the value of the 'REMOTE_USER' variable? Do you
> expoect something else, than what you get from request.getRemoteUser()? What
> do you mean by variable? Maybe an httpd environment Variable?
>
>
Precisely. I also need the httpd environment variable REMOTE_USER also
passed to the tomcat .... I have this in my httpd.conf ... and I am reading
all the environment variables(apart from the headers) in the jsp but have
these values set to null... am I missing anything specific with these
directives?
SetHandler jakarta-servlet
RequestHeader set X_REMOTE_USER %{RU}e
SetEnv SET_REMOTE_USER %{REMOTE_USER}e
JkEnvVar JK_REMOTE_USER %{remoteUser}e
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
> Thats right and clueful. Yes, I modifued my httpd.conf to include the webapp
> location that I was going through and it updated the remote user, I was able
> to use have the result now properly set from the request.getRemoteUser call.
Fine.
> BUT, again, I was not able to pass the 'REMOTE_USER' variable. How can I do
> that in my httpd.conf.. any ideas what else do I need to add more in my
> httpd.conf ?
I don't understand, what you mean by "pass the 'REMOTE_USER' variable".
If you want to pass the name of the authenticated user, that's
request.getRemoteUser(), which now works.
What do you expect to be the value of the 'REMOTE_USER' variable? Do you
expoect something else, than what you get from request.getRemoteUser()?
What do you mean by variable? Maybe an httpd environment Variable?
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Tue, Jul 15, 2008 at 2:23 PM, Rainer Jung <ra...@kippdata.de>
wrote:
> Nikhil schrieb:
>
>> [Tue Jul 15 12:57:40 2008] [20026:0001] [debug] mod_jk.c (607): Service
>> protocol=HTTP/1.1 method=GET host=(null) addr=149.77.175.155 name=
>> is3.hyd.deshaw.com port=8080 auth=(null) user=(null)
>> laddr=149.77.160.20raddr=
>> 149.77.175.155
>>
>> --------------
>>
>> If noticed, auth=(null) and user=(null) are being set ... but I wonder
>> why?
>> Do I have to look somewhere else to make any changes too ?
>>
>
> That means, Apache httpd did not provide any authentication information.
> Looks like your authentication setup doesn't even work inside httpd.
>
> If it does work, the user name should get logged in your access log.
> Usually the default log format for the access log of httpd is "common",
> which contains the authenticated user name in the third column ("%u").
>
> If it isn't shown in the httpd access log, then you need to fix your
> authentication setup in httpd first.
>
> Regards,
>
>
> Rainer
>
Thats right and clueful. Yes, I modifued my httpd.conf to include the webapp
location that I was going through and it updated the remote user, I was able
to use have the result now properly set from the request.getRemoteUser call.
BUT, again, I was not able to pass the 'REMOTE_USER' variable. How can I do
that in my httpd.conf.. any ideas what else do I need to add more in my
httpd.conf ?
Thanks again, Rainer.
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
Nikhil schrieb:
> [Tue Jul 15 12:57:40 2008] [20026:0001] [debug] mod_jk.c (607): Service
> protocol=HTTP/1.1 method=GET host=(null) addr=149.77.175.155 name=
> is3.hyd.deshaw.com port=8080 auth=(null) user=(null) laddr=149.77.160.20raddr=
> 149.77.175.155
>
> --------------
>
> If noticed, auth=(null) and user=(null) are being set ... but I wonder why?
> Do I have to look somewhere else to make any changes too ?
That means, Apache httpd did not provide any authentication information.
Looks like your authentication setup doesn't even work inside httpd.
If it does work, the user name should get logged in your access log.
Usually the default log format for the access log of httpd is "common",
which contains the authenticated user name in the third column ("%u").
If it isn't shown in the httpd access log, then you need to fix your
authentication setup in httpd first.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
While I am at it, I found this interesting information from the jk_logs:
--------------------------------
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] jk_uri_worker_map.c (589):
Attempting to map URI '/examples/jsp/rheaders.jsp' from 0 maps
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] jk_uri_worker_map.c (589):
Attempting to map URI '/examples/jsp/rheaders.jsp' from 0 maps
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] mod_jk.c (2092): Single
worker (default) configuration for /examples/jsp/rheaders.jsp
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] mod_jk.c (2111): Into
handler jakarta-servlet worker=default r->proxyreq=0
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] jk_worker.c (114): found a
worker default
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] jk_worker.c (321):
Maintaining worker default
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] jk_worker.c (290): Found
worker type 'ajp13'
[Tue Jul 15 12:57:40 2008] [20026:0001] [debug] mod_jk.c (607): Service
protocol=HTTP/1.1 method=GET host=(null) addr=149.77.175.155 name=
is3.hyd.deshaw.com port=8080 auth=(null) user=(null) laddr=149.77.160.20raddr=
149.77.175.155
--------------
If noticed, auth=(null) and user=(null) are being set ... but I wonder why?
Do I have to look somewhere else to make any changes too ?
On Tue, Jul 15, 2008 at 12:39 PM, Nikhil <mn...@gmail.com> wrote:
> I am still not able to get this straight. Looking at the server.xml tells
> me there is a userDatabase resource that is looked which I may need to
> comment? Could you please confirm?
> I am posting my server.xml (tomcat-6.0.16) for thoroughness so I do not
> miss any points here : Please let me know if I need to make any changes to
> configuration file.
>
> Thanks, Nikhil
>
> -------------------------
> <?xml version='1.0' encoding='utf-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="64005" shutdown="SHUTDOWN">
>
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <!--Initialize Jasper prior to webapps are loaded. Documentation at
> /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- JMX Support for the Tomcat server. Documentation at
> /docs/non-existent.html -->
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
> />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port="64080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="64080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
> <!--
> <Connector port="64083" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
> -->
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="64089" protocol="AJP/1.3" enableLookups="false"
> tomcatAuthentication="false" redirectPort="8443" />
>
>
> <!-- An Engine represents the entry point (within Catalina) that
> processes
> every request. The Engine implementation for Tomcat stand alone
> analyzes the HTTP headers included with the request, and passes
> them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
>
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
> <!-- The request dumper valve dumps useful debugging information
> about
> the request and response data received and sent by Tomcat.
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
> -->
>
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm. -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>
> <!-- Define the default virtual host
> Note: XML Schema validation will not work with Xerces 2.2.
> -->
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <!-- SingleSignOn valve, share authentication between web
> applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
> -->
>
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log." suffix=".txt"
> pattern="common" resolveHosts="false"/>
> -->
>
> </Host>
> </Engine>
> </Service>
> </Server>
> =========================================
>
>
>
>
--
Nikhil
Google is Great !
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
I am still not able to get this straight. Looking at the server.xml tells me
there is a userDatabase resource that is looked which I may need to
comment? Could you please confirm?
I am posting my server.xml (tomcat-6.0.16) for thoroughness so I do not miss
any points here : Please let me know if I need to make any changes to
configuration file.
Thanks, Nikhil
-------------------------
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="64005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- JMX Support for the Tomcat server. Documentation at
/docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more
named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking &
non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="64080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="64080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="64083" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="64089" protocol="AJP/1.3" enableLookups="false"
tomcatAuthentication="false" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that
processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes
them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- The request dumper valve dumps useful debugging information about
the request and response data received and sent by Tomcat.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- SingleSignOn valve, share authentication between web
applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common"
resolveHosts="false"/>
-->
</Host>
</Engine>
</Service>
</Server>
=========================================
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Mon, Jul 14, 2008 at 7:46 PM, Rainer Jung <ra...@kippdata.de>
wrote:
> Use request.getRemoteUser()
>
> HTH
>
>
> Rainer
>
Thanks Rainer.
I am now using Tomcat6(latest stable release) and configured the server.xml
with ajp connector to use tomcatAuthentication=false and I am still getting
the 'null' value :-( . Any other suggestions that I need to edit anywhere
else like web.xml / security constraints.
with the following sample jsp :
---------------------------------------------
<%@ page language="java" %>
<%@ page import="java.util.Enumeration" %>
<h2>HTTP Request Headers</h2>
<table border="0" cellspacing="1" cellpadding="2"> <tr> <th>Name</th>
<th>Value</th> </tr>
<% // Get all HTTP request headers names/values
Enumeration e1 = request.getHeaderNames();
String valueuser = request.getRemoteUser();
while (e1.hasMoreElements()) {
boolean doLoop = true;
String name = ((String)e1.nextElement()).toUpperCase();
Enumeration e2 = request.getHeaders(name);
while (e2.hasMoreElements()) {
String value = (String)e2.nextElement();
%>
<tr>
<td class=gray><%= name %></td>
<td class=gray><%= value %></td>
<td class=gray><%= valueuser %></td>
</tr>
<%
}
}
%>
------------------------------------
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
Nikhil wrote:
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="64089"
> enableLookups="false" redirectPort="64083"
> tomcatAuthentication="false" protocol="AJP/1.3" />
OK
> After editing the change in the ajp connector, and restarting the tomcat, I
> still am not able to get the remote_user variable passed.
> Any suggestions? (Although I am still to try out the Tomcat6, but would
> prefer for fixing the existing installation unless there are any real
> problems in the tomcat version that I am using.
Use request.getRemoteUser()
HTH
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
I tried out Tomcat6 too and added 'tomcatAuthentication="false"' to the ajp
connector but that still not work. :-(
On Mon, Jul 14, 2008 at 7:15 PM, Nikhil <mn...@gmail.com> wrote:
> Rainer,
> I seem to have found a related link on this but this is really old
> pertaining to the older versions of Tomcat.. any suggestions please.
> http://marc.info/?t=104318298400002&r=1&w=2
>
--
Nikhil
Google is Great !
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
I tried out Tomcat6 too and added 'tomcatAuthentication="false"' to the ajp
connector but that still not work. :-(
On Mon, Jul 14, 2008 at 7:15 PM, Nikhil <mn...@gmail.com> wrote:
> Rainer,
> I seem to have found a related link on this but this is really old
> pertaining to the older versions of Tomcat.. any suggestions please.
> http://marc.info/?t=104318298400002&r=1&w=2
>
--
Nikhil
Google is Great !
[users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
Rainer,
I seem to have found a related link on this but this is really old
pertaining to the older versions of Tomcat.. any suggestions please.
http://marc.info/?t=104318298400002&r=1&w=2
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
Rainer,
I seem to have found a related link on this but this is really old
pertaining to the older versions of Tomcat.. any suggestions please.
http://marc.info/?t=104318298400002&r=1&w=2
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Mon, Jul 14, 2008 at 5:00 PM, Rainer Jung <ra...@kippdata.de>
wrote:
>
> Again, the http connector is *not* what you need to edit, if you want to
> combine Tomcat with mod_jk or mod_proxy_ajp. It is the AJP connector. See my
> previous mail.
>
> You need to add tomcatAuthentication="false" to that connector.
>
>
> Regards,
>
> Rainer
>
I seem to get it, Rainer. But the thing is that with my installed
tomcat-5.5.12 version and I do not have any already tomcatAuthentication
directive (if I call it that way). Okay I get you want me to "add", so this
is what I edited the server.xml now
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="64083" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="64089"
enableLookups="false" redirectPort="64083"
tomcatAuthentication="false" protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="64082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100"
connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
After editing the change in the ajp connector, and restarting the tomcat, I
still am not able to get the remote_user variable passed.
I am using the following jsp installed under
webapps/jsp-examples/readheaders.jsp to have the environment variables
listed but with out any success..
--------
<%@ page language="java" %>
<%@ page import="java.util.Enumeration" %>
<h2>HTTP Request Headers</h2>
<table border="0" cellspacing="1" cellpadding="2"> <tr> <th>Name</th>
<th>Value</th> </tr>
<% // Get all HTTP request headers names/values
Enumeration e1 = request.getHeaderNames();
while (e1.hasMoreElements()) {
boolean doLoop = true;
String name = ((String)e1.nextElement()).toUpperCase();
Enumeration e2 = request.getHeaders(name);
while (e2.hasMoreElements()) {
String value = (String)e2.nextElement();
%>
<tr>
<td class=gray><%= name %></td>
<td class=gray><%= value %></td>
</tr>
<%
}
}
%>
--------------
Any suggestions? (Although I am still to try out the Tomcat6, but would
prefer for fixing the existing installation unless there are any real
problems in the tomcat version that I am using.
Thanks,
Nikhil
[users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Mon, Jul 14, 2008 at 5:00 PM, Rainer Jung <ra...@kippdata.de>
wrote:
>
> Again, the http connector is *not* what you need to edit, if you want to
> combine Tomcat with mod_jk or mod_proxy_ajp. It is the AJP connector. See my
> previous mail.
>
> You need to add tomcatAuthentication="false" to that connector.
>
>
> Regards,
>
> Rainer
>
I seem to get it, Rainer. But the thing is that with my installed
tomcat-5.5.12 version and I do not have any already tomcatAuthentication
directive (if I call it that way). Okay I get you want me to "add", so this
is what I edited the server.xml now
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="64083" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="64089"
enableLookups="false" redirectPort="64083"
tomcatAuthentication="false" protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="64082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100"
connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
After editing the change in the ajp connector, and restarting the tomcat, I
still am not able to get the remote_user variable passed.
I am using the following jsp installed under
webapps/jsp-examples/readheaders.jsp to have the environment variables
listed but with out any success..
--------
<%@ page language="java" %>
<%@ page import="java.util.Enumeration" %>
<h2>HTTP Request Headers</h2>
<table border="0" cellspacing="1" cellpadding="2"> <tr> <th>Name</th>
<th>Value</th> </tr>
<% // Get all HTTP request headers names/values
Enumeration e1 = request.getHeaderNames();
while (e1.hasMoreElements()) {
boolean doLoop = true;
String name = ((String)e1.nextElement()).toUpperCase();
Enumeration e2 = request.getHeaders(name);
while (e2.hasMoreElements()) {
String value = (String)e2.nextElement();
%>
<tr>
<td class=gray><%= name %></td>
<td class=gray><%= value %></td>
</tr>
<%
}
}
%>
--------------
Any suggestions? (Although I am still to try out the Tomcat6, but would
prefer for fixing the existing installation unless there are any real
problems in the tomcat version that I am using.
Thanks,
Nikhil
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Rainer Jung <ra...@kippdata.de>.
Nikhil wrote:
> On Mon, Jul 14, 2008 at 4:22 PM, Nikhil <mn...@gmail.com> wrote:
>
>>
>> On Mon, Jul 14, 2008 at 2:39 PM, Rainer Jung <ra...@kippdata.de>
>> wrote:
>>
>>>> First of all 5.5.12 is very outdated and also very early in the 5.5
>>> release cycle.
>>>
>>> You need to add 'tomcatAuthentication="false"' in the Connector element
>>> for your AJP connector. The connector you showed us above is
>>>
>>> - an https connector
>>> - a comment and not active
>>>
>>> At least two good reasons, why this is not the right one. The AJP
>>> Connector is the one, which uses port 8009 in the default configuration and
>>> which you can identify by 'protocol="AJP/1.3"'.
>>>
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>> Oops.. here is the http connector line in my configuration:
>>
>> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>> <Connector port="64080" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" redirectPort="8443" acceptCount="100"
>> connectionTimeout="20000" disableUploadTimeout="true" />
>>
>>
>> Thanks Rainer. I will try out the later releases.. may be tomcat6 itself.
>>
>> Nikhil
>>
>>
>>
>>
> but still.. I do not get what is wrong with 5.5.12 and what could I do
> atleast in the httpd configuration that would get the kerberized apache
> authentication working in the tomcat apps.
Again, the http connector is *not* what you need to edit, if you want to
combine Tomcat with mod_jk or mod_proxy_ajp. It is the AJP connector.
See my previous mail.
You need to add tomcatAuthentication="false" to that connector.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[users@httpd] Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Mon, Jul 14, 2008 at 4:22 PM, Nikhil <mn...@gmail.com> wrote:
>
>
> On Mon, Jul 14, 2008 at 2:39 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
>
>>
>>> First of all 5.5.12 is very outdated and also very early in the 5.5
>> release cycle.
>>
>> You need to add 'tomcatAuthentication="false"' in the Connector element
>> for your AJP connector. The connector you showed us above is
>>
>> - an https connector
>> - a comment and not active
>>
>> At least two good reasons, why this is not the right one. The AJP
>> Connector is the one, which uses port 8009 in the default configuration and
>> which you can identify by 'protocol="AJP/1.3"'.
>>
>>
>> Regards,
>>
>> Rainer
>>
>
> Oops.. here is the http connector line in my configuration:
>
> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
> <Connector port="64080" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true" />
>
>
> Thanks Rainer. I will try out the later releases.. may be tomcat6 itself.
>
> Nikhil
>
>
>
>
but still.. I do not get what is wrong with 5.5.12 and what could I do
atleast in the httpd configuration that would get the kerberized apache
authentication working in the tomcat apps.
--
Nikhil
Google is Great !
Re: tomcat, apache with mod_jk and mod_auth_kerb
Posted by Nikhil <mn...@gmail.com>.
On Mon, Jul 14, 2008 at 4:22 PM, Nikhil <mn...@gmail.com> wrote:
>
>
> On Mon, Jul 14, 2008 at 2:39 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
>
>>
>>> First of all 5.5.12 is very outdated and also very early in the 5.5
>> release cycle.
>>
>> You need to add 'tomcatAuthentication="false"' in the Connector element
>> for your AJP connector. The connector you showed us above is
>>
>> - an https connector
>> - a comment and not active
>>
>> At least two good reasons, why this is not the right one. The AJP
>> Connector is the one, which uses port 8009 in the default configuration and
>> which you can identify by 'protocol="AJP/1.3"'.
>>
>>
>> Regards,
>>
>> Rainer
>>
>
> Oops.. here is the http connector line in my configuration:
>
> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
> <Connector port="64080" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true" />
>
>
> Thanks Rainer. I will try out the later releases.. may be tomcat6 itself.
>
> Nikhil
>
>
>
>
but still.. I do not get what is wrong with 5.5.12 and what could I do
atleast in the httpd configuration that would get the kerberized apache
authentication working in the tomcat apps.
--
Nikhil
Google is Great !