Peter Kahn wrote: > Can someone let me know how to setup NTLM authentication such that all > access to tomcat is restricted to users in a specific group? > > I have an instance of tomcat and it is serving several opengrok web apps. > Each opengrop app is pointing at a different source tree. I want to > restrict access to all of these webapps to a specific group of users. > > When I offer php based webapps and restrict them to a group of users, I use > apache2 authentication with a perl based NTLM extension. Since tomcat is > running on a different port, I tried binding tomcat to localhost or > loopback only and then used the proxy directive from apache2 to the offer > the applications to users on my lan. This worked, but the NTLM auth failed > when I added it in. I see my options as: > a) get apache auth to work via the proxy > b) forget apache auth and have tomcat handle the authentication.
If you use the AJP connector with mod_jk (or in Apache 2.2, mod_proxy_ajp) you can continue to front your application with HTTPD NTLM authentication. Set the tomcatAuthentication connector attribute to false, as per: http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html p > I looked around the docs, googling here and there but most authentication > appeared to be at the individual web application level and not for the > entire instance. > - Is authentication at the entire tomcat instance level a practice that > people do? > - Is there a standard way to tie it into NTLM? > > So, can you send me links or advice if you happen to know of a good resource > for issue or see that I'm approaching in a needlessly difficult way? Thanks > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]