Hi y'all Recently I was assigned to the following task:
Integrate IIS with Tomcat in a pure windows environment. The task was to use intergrated authentication (kerberos) form IE clients. I've used these components: IIS 6, isapi_redirect.dll 1.2.18 and tomcat 5.5.17. But the Problem is that it does not work from arbitrary client. I tracked down the problem: It is a hardcoded limit of 8 KB transmission buffer both in isapi_redirect.dll and in the AJP 1.3 protocol implementation. This makes requests with rather long kerberos data fail. After I figured out that my problem was the buffer length and not any missing windows config stuff I've tried a quick'n'dirty hack: 1.) Recompiling isapi_redirect.dll with extending the buffer size to 32 KB: Voila, the DLLs log says about 8300 Bytes transmitted. 2.) Then I patched AJP Protokoll to come over the IndexOutOfBoundException which was tomcats (silent) result of my first 32 KB attempts :-( That hack works for my environment. Though staying with a fixed buffer size gives me some headache 'cause I think even the 32 KB could be to low for some esoteric environemnts. However I have a urgent request to you tomcat developers: Please increase the buffer size in AJP 1.3 and isapi_redirect.dll with your next release!!! I know that there might be some backwards compatibility issues, but 8KB is definitely to low (think of a very long client certificate chain)! Without increasing the buffer size the use of tomcat solution + IIS is way to restricted if not completly unusable. Im looking forward hearing about a increase buffer size patch, guys. I'm positiv that you can make it happen ;-) BTW: If you do the patch - Why not clean up the code a bit? I think buffer size must not spread over several places with declarations like 8*1024 or 8192. Sincerely, Peter Huber -- Peter Huber | Software-Entwicklung [EMAIL PROTECTED] TESIS SYSware GmbH * Baierbrunner Straße 15 * 81379 München Tel: +49 (89) 747377 90 Fax: +49 (89) 747377 99 Verringern Sie Ihre HelpDesk-Kosten für vergessene Passwörter erheblich. Wir überzeugen Sie gerne z.B. auf der SYSTEMS 2006, Halle A4, Stand 511 oder im Web: http://www.tesis.de/de/aspr --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
