Nikola Milutinovic-2 wrote:
> 
> Just to make the picture complete, it can also be done with Apache +
> mod_auth_kerb + mod_jk. It does require some steps and the most tricky one
> is getting a proper Kerberos Service key from MS ADS. We've done it, so it
> is not really a big deal. However, people tend to state that TC is as good
> at serving static content as Apache and that eliminating one link in the
> server chain reduces complexity. Which is true. And which is why we need a
> proper Kerberos realm for these setups.
> 
> Nix.
> 
> ________________________________
> From: George Sexton <geor...@mhsoftware.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Monday, September 14, 2009 7:47:48 PM
> Subject: RE: Windows Integrated Authentication using AD and Tomcat (no
> prompt to the users)
> 
> If you're fronting Tomcat w/ IIS using the ISAPI redirector, then this can
> be done. Here's a link to the instructions for our product that describe
> how to do it.
> 
> http://www.mhsoftware.com/caldemo/manual/en/pageFinder.html?page=895.htm
> 
> Essentially, following steps 2-4 will cause the
> HttpServletRequest.getRemoteUser() to return the Windows User name
> (SAMAccountName).
> 
> 
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
> 
> 
>> -----Original Message-----
>> From: Nikola Milutinovic [mailto:alok...@yahoo.com]
>> Sent: Monday, September 14, 2009 11:26 AM
>> To: Tomcat Users List; Tomcat Users List
>> Subject: Re: Windows Integrated Authentication using AD and Tomcat (no
>> prompt to the users)
>> 
>> There is also a module from Quest Software, using Kerberos
>> authentication, but it costs mega $.
>> 
>> Has anyone considered writing a TC realm for Kerberos?
>> 
>> Before MS ADS came into popular use, Kerberos was a rare beast, but now
>> it is more present. And it is much better than NTLM, which is why MS
>> started using it. Just think about it - NTLM sucked so badly that the
>> great Behemoth, Microsoft, decided to use an open standard solution.
>> 
>> Nix.
>> 
>> ________________________________
>> From: André Warnier <a...@ice-sa.com>
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Sent: Sunday, September 13, 2009 1:33:16 PM
>> Subject: Re: Windows Integrated Authentication using AD and Tomcat (no
>> prompt to the users)
>> 
>> To Martin, Steve and others:
>> 
>> Samba's JCIFS works fine, but only for NTLMv1 authentication.
>> (It is also no longer maintained, see http://jcifs.samba.org.)
>> It does NOT work for NTLMv2 authentication, which is fast becoming the
>> norm, and the default from Vista onwards.
>> Jespa works with NTLMv2, and is free for up to 25 users.
>> 
>> I have no shares in ioplex or Jespa.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org

You can see http://tomcatspnego.codeplex.com
There are two solutions, one only for Tomcat running on Windows and another
which also works with Tomcat running on Unix. The first version uses JNDI
with a DLL. The second version uses a Windows service running with .NET 2.0.

Dominique Guerin
-- 
View this message in context: 
http://www.nabble.com/Windwos-Integrated-Authentication-using-AD-and-Tomcat-%28no-prompt-to-the-users%29-tp25417655p25531285.html
Sent from the Tomcat - User mailing list archive at Nabble.com.