Posted to dev@tomcat.apache.org by Torgeir Veimo <to...@vertech.no> on 2001/05/14 09:43:32 UTC

Re: JNDI/LDAP realm

John Holman wrote:
> 
> > I preferred binding to the directory with supplied credentials because it
> > allows the realm implementation to use an anonymous password for the rest
> > of what it needs.

+1

> The only advantage I can see
> for having the realm retrieve the password is that it makes http digest
> authentication possible, provided that the plaintext password or a suitable
> hash is stored in the directory. 

I think that http digest authentication in theory is possible with
authentication using an LDAP bind. The tricky details are in using the
nonce & realm from the LDAP server in the initial challenge, and not
having the LDAP client code touch the digested answer from the client
before sending it to the LDAP server.

I would like to add a third feature, namely to be able to reuse the
authentication information from the servlet container in a "resource
connector", e.g. an LDAP connection pool, so that a web application could
ask for authenticated connections to the LDAP server without having to
deal with usernames and passwords itself. Currently this is not possible
with tomcat4.0beta.

-- 
- Torgeir
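
The digest point discussed in this message, as an added illustration that is not part of the original post or of Tomcat's code: an RFC 2617 verifier needs HA1 = MD5(user:realm:password), the "suitable hash", because the client sends only a nonce-bound response and never the password that a simple bind would need. The function names are hypothetical; the sample values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """The 'suitable hash' a directory could store instead of the plaintext."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(stored_ha1: str, method: str, fields: dict) -> str:
    """RFC 2617 request-digest for qop=auth, computed from HA1 alone."""
    ha2 = md5_hex(f"{method}:{fields['uri']}")
    return md5_hex(
        f"{stored_ha1}:{fields['nonce']}:{fields['nc']}:"
        f"{fields['cnonce']}:{fields['qop']}:{ha2}"
    )


def verify_digest(stored_ha1: str, method: str, fields: dict) -> bool:
    """Whoever runs this check must hold HA1 and must have issued the nonce."""
    want = expected_response(stored_ha1, method, fields)
    return hmac.compare_digest(want, fields["response"])


# Authorization header fields from the RFC 2617 section 3.5 example.
SAMPLE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

# What the directory entry would have to contain (derived here from the
# RFC's sample password purely to build the fixture).
STORED_HA1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")

if __name__ == "__main__":
    print("valid response:", verify_digest(STORED_HA1, "GET", SAMPLE))
    replayed = dict(SAMPLE, nonce="0" * 32)  # constructed: a different challenge
    print("same response, other nonce:", verify_digest(STORED_HA1, "GET", replayed))
```

Because the realm name is hashed into HA1 and the nonce into the response, the challenge has to come from the party that finally checks the answer.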