Posted to users@tomcat.apache.org by Stéphanie Cettou <s....@gmail.com> on 2010/03/31 16:08:11 UTC

Windows Local user Login

Hi,

Is it possible to do Windows authentication using local Windows XP
users and Tomcat?

I have Tomcat 5.5 and I will make a login to a JSP web site.
I tested with

<Realm  className="org.apache.catalina.realm.JDBCRealm" ....

and

<Realm className="org.apache.catalina.realm.JNDIRealm"
for Active Directory users.

Is it possible to use the local Windows users? If yes, how?

Thanks!

Stéphanie

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Windows Local user Login

Posted by Stéphanie Cettou <s....@gmail.com>.
I have SQL Server 2000...

If I decide to use Active Directory, do I need to write my code to catch
exceptions when a user logs in with expired, inactive, etc. passwords?
Is it possible to catch these exceptions from Active Directory in Java?

Thanks!





RE: Windows Local user Login

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
What database are you using?

SQL Server 2005 and later allows you to use Windows password policy and password expiration.  You can enable that when you create your SQL login.  You create your Windows password policy outside of Tomcat in Active Directory.

However, as David pointed out to you in your other thread, you have to write your own code to catch SQL exceptions when a user logs in with expired, inactive, etc. passwords.
 
Leo



Re: Windows Local user Login

Posted by Stéphanie Cettou <s....@gmail.com>.
Thanks!!!
Now, I have a better idea.

I will "analyse" all this for the next week.

A very big Thanks!
Stéphanie





Re: Windows Local user Login

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Stéphanie,

On 4/1/2010 3:12 AM, Stéphanie Cettou wrote:
> - the webapp is running in a Microsoft Windows 2003 Server environment.
> Active Directory is NOT used on this server.

Got it.

> - Actually the users authenticate with a user/passwords/roles in a SQL
> 2000 Database.

Perfect! There's no reason to mess around with AD/NTLM/Kerberos or any
of that stuff: just use a standard Realm that ships with Tomcat to
authenticate against a JDBC user database.

Uh, does "SQL 2000 Database" really mean "Microsoft SQL Server 2000"?

> <Realm  className="org.apache.catalina.realm.JDBCRealm"

I highly recommend that you do *not* use JDBCRealm, as this realm is
"effectively single-threaded" according to the Tomcat developers.
Consider using DataSourceRealm instead, which uses a pool of JDBC
connections to perform authentication.

>              driverName="net.sourceforge.jtds.jdbc.Driver"

If you're running Microsoft SQL Server, you should probably be using the
Microsoft JDBC driver. Although, I did look up jTDS and it looks like
it's a decent driver.

>              userTable="Users" userNameCol="UserId" userCredCol="Password"
>              userRoleTable="UsersFeatures" roleNameCol="FeatureID" />
> 
> like standard tomcat authentication.

Okay, great. It wasn't clear that you had an acceptable authentication
solution already implemented.

> But, I need to change to implement my goal...
> 
> c) Can you use your own database? Yes (but I must implement
> complex authentication)

I see. Let's go to your previous message:

> - Check type of password (more than 8 chars, special char, ...)

Tomcat does not provide any way to change passwords, so you'll have to
implement these items yourself in your password-change code.

> - Ask for a new password every month (from the web site)

Again, you'll have to implement this yourself.

> - Block the user after 3 failed logins

Tomcat does not implement this until recent versions of Tomcat 6.x. Are
you able to upgrade to the latest Tomcat 6.x? You can use LockOutRealm
to do /some/ kind of blocking (I'm not sure exactly what your
requirements are, and I'm not sure exactly what the LockOutRealm does to
enforce the locking).

> - Block inactive users (e.g. after 90 days)

Tomcat does not do this, either: you'll have to either use your own
authentication system (such as securityfilter
http://securityfilter.sourceforge.net along with your own Realm
implementation that includes additional data-checking during the login)
or in some other way.

We implement features like the above in our project by using
securityfilter with a custom Realm, plus a "credential Filter" which
checks password age and user status, and then does things like redirect
all requests to the "change password" page if you need to change your
password, etc.

Perhaps something like that would work for you.

Hope that helps,
-chris
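
The status checks Christopher describes for his "credential Filter" (password age and user status, with all requests sent to the change-password page), applied to the four mandatory rules from the original request. This is an added Java example, not code from the thread, Tomcat or securityfilter; the class, field and page names are hypothetical, and "every month" is assumed to mean 30 days.

```java
import java.time.Duration;
import java.time.Instant;

public class CredentialPolicy {

    enum Decision { ALLOW, FORCE_PASSWORD_CHANGE, BLOCK_INACTIVE, BLOCK_LOCKED }

    // Thresholds from the rules listed in the thread ("every month" assumed to mean 30 days).
    static final int MAX_FAILED_LOGINS = 3;
    static final Duration MAX_PASSWORD_AGE = Duration.ofDays(30);
    static final Duration MAX_INACTIVITY = Duration.ofDays(90);
    // Hypothetical page name; the thread does not give one.
    static final String CHANGE_PASSWORD_PAGE = "/changePassword.jsp";

    /** Hypothetical extra columns stored next to the credentials the Realm reads. */
    static final class Account {
        final Instant passwordSetAt;
        final Instant lastLoginAt; // null if the user has never logged in
        final int failedLogins;

        Account(Instant passwordSetAt, Instant lastLoginAt, int failedLogins) {
            this.passwordSetAt = passwordSetAt;
            this.lastLoginAt = lastLoginAt;
            this.failedLogins = failedLogins;
        }
    }

    /** Status checks for a user the Realm has already authenticated; blocks take priority. */
    static Decision evaluate(Account a, Instant now) {
        if (a.failedLogins >= MAX_FAILED_LOGINS) {
            return Decision.BLOCK_LOCKED;
        }
        // An account that was never used ages from the moment its password was set.
        Instant lastSeen = (a.lastLoginAt != null) ? a.lastLoginAt : a.passwordSetAt;
        if (Duration.between(lastSeen, now).compareTo(MAX_INACTIVITY) > 0) {
            return Decision.BLOCK_INACTIVE;
        }
        if (Duration.between(a.passwordSetAt, now).compareTo(MAX_PASSWORD_AGE) > 0) {
            return Decision.FORCE_PASSWORD_CHANGE;
        }
        return Decision.ALLOW;
    }

    /** Path the filter serves for this request, or null to reject it outright. */
    static String route(Decision d, String requestedPath) {
        switch (d) {
            case ALLOW:
                return requestedPath;
            case FORCE_PASSWORD_CHANGE:
                // Every path maps to the change page, so a request for the page
                // itself is served rather than redirected again.
                return CHANGE_PASSWORD_PAGE;
            default:
                return null;
        }
    }

    /** Complexity is checked when a password is set, not at login. */
    static boolean isAcceptableNewPassword(String candidate) {
        if (candidate == null || candidate.length() <= 8) {
            return false; // rule from the thread: more than 8 characters
        }
        for (char c : candidate.toCharArray()) {
            if (!Character.isLetterOrDigit(c) && !Character.isWhitespace(c)) {
                return true; // at least one special character
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2010-04-01T00:00:00Z"); // constructed clock
        // Constructed sample accounts: fresh, stale password, dormant, locked.
        Account[] samples = {
            new Account(now.minus(Duration.ofDays(5)), now.minus(Duration.ofDays(1)), 0),
            new Account(now.minus(Duration.ofDays(45)), now.minus(Duration.ofDays(2)), 1),
            new Account(now.minus(Duration.ofDays(20)), now.minus(Duration.ofDays(120)), 0),
            new Account(now.minus(Duration.ofDays(3)), now.minus(Duration.ofDays(3)), 3),
        };
        for (Account a : samples) {
            Decision d = evaluate(a, now);
            System.out.println(d + " -> " + route(d, "/orders.jsp"));
        }
        System.out.println(isAcceptableNewPassword("Tomcat55"));      // 8 chars, no special
        System.out.println(isAcceptableNewPassword("Tomcat-5.5-ok")); // long, has specials
    }
}
```

In a servlet Filter, `evaluate` would run on each authenticated request and `route` would decide between `chain.doFilter`, a forward to the change-password page, and an error response.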


Re: Windows Local user Login

Posted by Stéphanie Cettou <s....@gmail.com>.
No, I'm not sure what I want... the only sure things are my mandatory
(and optional) rules... but I don't know how I will make this...
I ask for the Windows local users while for me it is simpler to create
local users than to install a new server with Active Directory... but if it is
necessary (or best) I can install it.
Now, I am writing to understand which solution I must take...

So:
- the webapp is running in a Microsoft Windows 2003 Server environment.
Active Directory is NOT used on this server.
- I don't know what I am doing... but nobody here can do this... I must learn it.
- Actually the users authenticate with a user/passwords/roles in a SQL
2000 Database. I use
<Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="net.sourceforge.jtds.jdbc.Driver"
             connectionURL="jdbc:jtds:sqlserver://acer1/ServiceCenter;user=sa;password=sa;namedPipe=true"
             userTable="Users" userNameCol="UserId" userCredCol="Password"
             userRoleTable="UsersFeatures" roleNameCol="FeatureID" />

like standard tomcat authentication. But, I need to change to
implement my goal..

a) Do you have AD already? No
b) Do you have to authenticate against local Microsoft Windows User
DB? not mandatory
c) Can you use your own database? Yes (but I must implement
complex authentication)

Thank you very much Christopher for your help!

Stéphanie





Re: Windows Local user Login

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Stéphanie,

It sounds to me like you're not sure what you want. Your original
message was asking about how to authenticate against a local Microsoft
Windows user database (that is, NOT ActiveDirectory, which should be
trivial). Now it sounds like you want to enforce all kinds of
constraints on passwords, etc.

Let's solve one problem at a time.

On 3/31/2010 11:25 AM, Stéphanie Cettou wrote:
> I have a JSP application and Tomcat 5.5.
>
> My goal is to implement a login for this application with these mandatory rules:

You can deal with password complexity once you've decided how your
passwords will be stored and how they will be set.

For example, typically when authenticating against ActiveDirectory, the
webapp itself does not provide a way to change an AD password. When
passwords are set is the appropriate time to check for required
complexity. Password expiration should also be done by some other means:
Authentication just checks credentials.

> The user must be able to connect from more than one PC; the final application is on
> a Windows 2003 server.

So, you have the webapp running in a Microsoft Windows 2003 Server
environment: good to know. Is ActiveDirectory being used in this
environment? If so, use it. If not, don't set up AD just for your webapp.

> I don't know if I can use Active Directory (create a new Active
> Directory only for this application = install a new server), or other
> things...
> I don't know if I need to implement this in Java, or if an existing
> solution is ready...

An existing solution is probably already available... in Java.

> I don't have a lot of knowledge of Active Directory, Tomcat, NTLM or
> Kerberos, ....

If you don't know what you're doing, I highly recommend that you find
someone who does and make this their job to do.

> I need to be sure to choose the good solution for all points of my goal
> while I can't spend a lot of time, and I can't change my solution
> later...

Do you have a user database against which you'd like to authenticate
users? If that database is separate from Microsoft Windows (say, a
RDBMS), then you don't have to mess with AD/NTLM/whatever: just use one
of the standard Tomcat realms to do authentication for you. If you
*must* use the Microsoft Windows user database, then you should look for
a Java product that can authenticate against such a database.

So, which is it:

a) Do you have AD already?
b) Do you have to authenticate against local Microsoft Windows User DB?
c) Can you use your own database?

I'm still not really clear on what your situation is.

> Can you give me more information, please? I don't have enough
> knowledge to choose the simplest and best solution now...

You are asking about implementing user authentication, which is
typically an integral part of your security policy. If you don't
understand what you are doing, anyone could give you horrible advice. My
advice is to make sure you understand what you're doing before you do it.

-chris


Re: Windows Local user Login

Posted by Stéphanie Cettou <s....@gmail.com>.
I am confused...

I have a JSP application and Tomcat 5.5.

My goal is to implement a login for this application with these mandatory rules:

- Check type of password (more than 8 chars, special char, ...)
- Ask for a new password every month (from the web site)
- Block the user after 3 failed logins
- Block inactive users (e.g. after 90 days)

and not mandatory:
- Single Sign-On for some users
- Add/modify/delete users from the web site
- Get more roles for a user (my Java code is ready for a JDBCRealm
login) * read/modify pages and objects


The user must be able to connect from more than one PC; the final application is on
a Windows 2003 server.
I don't know if I can use Active Directory (create a new Active
Directory only for this application = install a new server), or other
things...
I don't know if I need to implement this in Java, or if an existing
solution is ready...

I don't have a lot of knowledge of Active Directory, Tomcat, NTLM or
Kerberos, ....

I need to be sure to choose the good solution for all points of my goal
while I can't spend a lot of time, and I can't change my solution
later...

Can you give me more information, please? I don't have enough
knowledge to choose the simplest and best solution now...

thank you

Stéphanie





Re: Windows Local user Login

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Stéphanie,

On 3/31/2010 10:08 AM, Stéphanie Cettou wrote:
> Is it possible to do Windows authentication using local Windows XP
> users and Tomcat?

Do you happen to be using ActiveDirectory?

> <Realm className="org.apache.catalina.realm.JNDIRealm"
> for Active Directory users.
>
> Is it possible to use the local Windows users? If yes, how?

Try googling for "tomcat windows authentication": there's some stuff out
there. A couple of things I found before I decided I was getting-in over
my head (are you using NTLM or Kerberos, etc.?), I found these:

http://spnego.sourceforge.net/
http://wiki.apache.org/tomcat/FAQ/Windows#Q4

I'm sure there are others.

Another possibility (I suspect, though I don't know) is to use IIS out
in front of Tomcat, and have IIS perform the local authentication for
you, then pass that information through to Tomcat using AJP. This might
be an easier path for you to follow.

-chris