You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Nacho <na...@siapi.es> on 2000/11/19 22:17:48 UTC
Bypassing IIS security
Hola A todos:
Lately I'm trying to figure out a way to bypass the basic/digest
security handling done by ISS, and so let it be done by tomcat, as it's
a pain under IIS as it requires to have the users created at OS level, (
at least i unable to found a way to do that ), but apart from MS
blues.....
I did found that way only by changing a single line inside the ajp12
handling routine , and letting remoteuser be obtained by tomcat itself,
i think this works for all servers and for basic&digest authentication ,
Can be useful to know of to somebody, if anybody found it useful i can
add an option to server.xml to control that ( at contextmanager level
i.e) , and i'm thinking only of TC 3.3 and TC 4.0 at that time.
What do you think?
Saludos ,
Ignacio J. Ortega
Re: Bypassing IIS security
Posted by Nick Bauman <ni...@cortexity.com>.
I remember when I worked for Imation we had that problem with IIS3-4 (you
can't add web users without adding them to the system, ie 1 user to IIS is
1 user to that whole machine!)
Anything to prevent this requirement would be greatly appreciated if I
rewind my experience a couple years.
On Sun, 19 Nov 2000, Nacho wrote:
> Hola A todos:
>
> Lately I'm trying to figure out a way to bypass the basic/digest
> security handling done by ISS, and so let it be done by tomcat, as it's
> a pain under IIS as it requires to have the users created at OS level, (
> at least i unable to found a way to do that ), but apart from MS
> blues.....
>
> I did found that way only by changing a single line inside the ajp12
> handling routine , and letting remoteuser be obtained by tomcat itself,
> i think this works for all servers and for basic&digest authentication ,
>
>
> Can be useful to know of to somebody, if anybody found it useful i can
> add an option to server.xml to control that ( at contextmanager level
> i.e) , and i'm thinking only of TC 3.3 and TC 4.0 at that time.
>
> What do you think?
>
> Saludos ,
> Ignacio J. Ortega
>
--
Nicolaus Bauman
Software Engineer
Simplexity Systems