good pointcan you display for us the Directory configuration in httpd.conf
e.g. something like
#assume you do not have mod_auth_sspi
http://sourceforge.net/projects/mod-auth-sspi/
<Directory "/home/bob/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
# not valid with SSPI
Krb5KeyTabFile /home/alice/krb5kt
#
Krb5ServiceName HTTP
</Directory>
Martin______________________________________________Disclaimer and
confidentiality noteEverything in this e-mail and any attachments relates to
the official business of Sender. This transmission is of a confidential nature
and Sender does not endorse distribution to any party other than intended
recipient. Sender does not necessarily endorse content contained within this
transmission.> Date: Wed, 2 Jan 2008 07:39:49 +0100> From: [EMAIL PROTECTED]>
To: users@tomcat.apache.org> Subject: Re: mod_spnego SingleSignOn over mod_jk>
> Hi Cenk,> > Cenk Oguz schrieb:> > I am looking into configuring SingleSignOn
Kerberos authentication in> > a Tomcat application using SPNEGO authentication
on a Apache2> > frontend server. The fontend apache2 currently forwards all
requests> > to Tomcat through mod_jk.> > > > As I see there is an apache2
module for Kerberos authentication> > without user intervention, mod_spnego.>
>> > However I am curious of knowing if it is possible using mod_spnego to> >
forward the authenticated user/principal in a http header to Tomcat> > from
Apache, in the mod_jk stream. The packaged Tomcat application> > requires an
http header that containes the user.> > For me the mod_spnego code looks like
it only set the usual> authenticated user var, so the name of the user will be
available for> the webapp only by using request.getRemoteUser() and not via an
http header.> > > Also, will autentication take place before mod_jk forwards
the> > request? If mod_jk acts before autentication there is no point in> >
proceding with this.> > It looks like the two modules play nicely together.
mod_spnego only uses> the auth slots and mod_jk totally ignores those. That
should be fine.> > You shoulkd check, if mod_spnego does work fine with
<Location>> directives and not only with <Directory>. I would expect that, but
the> docs are not clear about it.> > > Has anyone had experience in this?> > No
experience from me, this is just from a quick look at the code.> > > /Cenk> >
Regards,> > Rainer> > >
---------------------------------------------------------------------> To start
a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: [EMAIL
PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]>
_________________________________________________________________
Share life as it happens with the new Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_122007
