DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831 [PATCH] JNDIRealm does not work with CLIENT-CERT auth method ------- Additional Comments From [EMAIL PROTECTED] 2003-06-05 12:57 ------- @marek: I am not happy with this. I think a correct implementation should not use the Cert-Subject for the username. I have implemented my own JNDIRealm which tries to lookup a user with the certificate and uses the name found for the principal-object. So it makes no difference which certificate the user uses, or if you use BASIC Authentication with my JNDIRealm, for the application it is almost always the same user. The dark side of this solution is, that it depends on how the LDAP-Server saves certificates. My solution currently works with Windows Active Directory, however, it should be easy to adopt it. I have tried to discuss this on tomcat-dev (search "CLIENT-CERT and JNDI"), but no one has answered yet. I am looking forward to share my thoughts. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
