As I mentioned earlier today, we've licensed a (Struts-based, so I'm not
*entirely* off topic) third-party webapp that comes pre-configured to do
LDAP authentication. We, of course, do not have LDAP. We have Kerberos.
Easy enough, I thought... surely there's a KerberosRealm I can configure and
plug in. Apparently not.
I can successfully authenticate with Kerberos at the command line using the
code in the tutorial:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html
I can not, however, figure out what I'm supposed to do to fit that part into
the Catalina JAASRealm, as described here:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JAASRealm
The first thing it says is "Write your own LoginModule". (Frightening...
*I* have to talk to the Kerberos service?) But there's already
com.sun.security.auth.module.Krb5LoginModule which is used in the tutorial,
so maybe not. I have that in $CATALINA_HOME/conf/jaas.config with JAVA_OPTS
set properly.
And that's about as far as I can get. When I go to configure server.xml, it
wants class names for users and roles:
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="JaasSample"
userClassNames="???"
roleClassNames="???"
debug="99"/>
Even if I write a couple of classes and fill in the blanks, I don't see
what's ever going to instantiate them.
What am I missing? This can't be as hard as I'm making it.
Thanks,
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
