Roland Carlsson wrote:

Hi!

I have tried to read the archives about how to create a realm that uses
Active Directory as source but all questions that seem to fit me have no
answers. I need to be able to authenticate my users and authorize them in my
jsp-code (eg: request.isUserInRole ).

So, what libraries do I need to add?
What should I write in my server.xml-file? The structure of the AD is
com.mydomain/Users/JoeDoe (when looking in the gui-console).

Can I use form-based authentication?

Please do not refer to the LDAP mumbo-jumbo but rather use gui-elements from
the AD-console if there is anything you want me to find out about our
settings.

ADS serves two major services: LDAP and Kerberos5 GSSAPI. It would be nice to be able to use GSSAPI, but currently, Tomcat cannot do it. Apache can, so maybe that's the way - using Apache as a frontend via mod_jk2.


The basic structure would require web server, Apache or Tomcat, to be introduced as a web server into the ADS, giving it a Kerberos service key. Clients, IE or Mozilla, can use GSSAPI, if the user has been authenticated to the ADS (ADS Domain Controller is also a Kerberos KDC).

For Apache, you can use mod_kerbauth or something like that (there is mod_gssapi, also). Tomcat doesn't have a "server-side GSSAPI authentication module". It should be possible to write a filter for that purpose, but no one has done it yet.

Java does have all that is needed to use Kerberos in JAAS. It's just that someone has to write it.

Nix.
