Hi, I have a few questions about the JNDIRealm, GSSAPI (Kerberos 5 mech) authentication and the SPNEGO Authenticator Valve in TC 7.0.47:
Preface: In the docs, SPNEGO Authenticator Valve/JNDIRealm is called "30) Windows Authentication", but I guess it's not only working for Windows? I see no code which is explicitly tied to Windows or Active Directory, so I assume it's also working for a Linux/MIT Kerberos/OpenLDAP setup. Is this true?

What I am trying to achieve is that the JNDIRealm will use the delegated credentials of the user (who is authenticated by the SPNEGO valve) to connect to the LDAP server and then query the roles to which the user belongs.

This is not working for me for two reasons:

1) JndiRealm initially tries on startup to make a connection to the LDAP server, which makes no sense because there are no GSSAPI credentials yet -> JndiRealm.startInternal() (Line 2225)

2) After temporarily solving issue 1), the JNDI Realm prompts me for username and password. This seems to be originating from the SASL Client default callback. I tried to register my own callback handler (setting java.naming.security.sasl.callback) but it's ignored.

Inspecting the code of JNDIRealm.java, it seems that such a scenario is not intended, but the docs argue the converse:
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance

Any help is appreciated.

Thanks
Hendrik