You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by charly <ch...@yahoo.de> on 2005/05/28 18:26:11 UTC

NTLM authentication using jCIFS over JK1.2.10 & IIS fails

I am currently using TC 5.0.28 & http1.1-connector and JCIFS for authentication
in a webapp. Authentication is done completely within the webapp without using
TC methods and only when necessary.
This is working quite well except for few users, who are accessing over squid 
proxy, which suppresses the ntlm auth headers.
Only to overcome this and for these users I added access via https/443 using 
IIS (W2K-Server) and JK2.0.4, furthermore using jCIFS for authentication. 
This is running ok but unfortunately JK2.0.4 has this file upload bug. 
Therefore I wanted to upgrade to JK1.2.10 (and thereby TC 5.5.9). But I cannot 
get the ntlm authentication running over JK1.2.10/IIS. IE shows the login box,
though it should silently authenticate.
It seems that IIS/JK interferes with the authentication headers/process. I have
configured "jakarta" within IIS to not use basic or integrated windows auth. 
In the mailing lists I have not found anything (of course except using IIS 
builtin authentication). I have found a description with also a jCIFS/JK
problem, http://lists.samba.org/archive/jcifs/2003-July/002359.html 
but no solution.
Also I did not found any jk configuration parameters, which seem to apply to
this. Primarily I do not want to activate authentication within IIS. I want to
leave it to the webapp & jCIFS in order to avoid two different auth methods. 
The tomcat version does not seam to matter.
Summary:  requests running via
TC + http1.1      + jCIFS authenticating:   OK
TC + jk2.0.4/IIS  + no    authenticating:   OK
TC + jk2.0.4/IIS  + jCIFS authenticating:   OK
TC + jk1.2.10/IIS + no    authenticating:   OK
TC + jk1.2.10/IIS + JCIFS authenticating:   NOT OK

Anyone an idea whats the difference between jk2.0.4 and jk1.2.10 
causing this behaviour ? 
Have I overlooked something? 
Is this a bug within JK1.2.10?

Regards
    Karl-Heinz


	

	
		
___________________________________________________________ 
Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org