Author: kkolinko
Date: Sun Apr 3 22:23:05 2011
New Revision: 1088429
URL: http://svn.apache.org/viewvc?rev=1088429&view=rev
Log:
Correct a typo and some formatting as a followup to r1087524
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/windows-auth-howto.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1088429&r1=1088428&r2=1088429&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Apr 3 22:23:05 2011
@@ -130,7 +130,7 @@
also referred to as integrated Windows authentication. This includes
user authentication, authorisation via the directory using the
user's delegated credentials and exposing the user's
delegated
- credentials via a request attribute so applications can make use of the
+ credentials via a request attribute so applications can make use of
them
to impersonate the current user when accessing third-party systems that
use a compatible authentication mechanism. Based on a patch provided by
Michael Osipov. (markt)
Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1088429&r1=1088428&r2=1088429&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/windows-auth-howto.xml (original)
+++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Sun Apr 3 22:23:05 2011
@@ -53,6 +53,7 @@ sections.</p>
<section name="Built-in Tomcat support">
<p><strong>This is a work in progress. There are a number of outstanding
questions that require further testing.</strong> These include:
+</p>
<ul>
<li>Does the domain name have to be in upper case?</li>
<li>Does the SPN have to start with HTTP/...?</li>
@@ -62,7 +63,6 @@ questions that require further testing.<
associated account works, domain admin works, local admin doesn't
work</li>
</ul>
-</p>
<p>There are four components to the configuration of the built-in Tomcat
support for Windows authentication. The domain controller, the server hosting
Tomcat, the web application wishing to use Windows authentication and the
client
@@ -81,6 +81,7 @@ policy had to be relaxed. This is not re
domain controller. Configuration of a Windows server as a domain controller
is
outside the scope of this how-to. The steps to configure the domain
controller
to enable Tomcat to support Windows authentication are as follows:
+ </p>
<ul>
<li>Create a domain user that will be mapped to the service name used by the
Tomcat server. In this how-to, this user is called <code>tc01</code> and has
a
@@ -102,7 +103,6 @@ policy had to be relaxed. This is not re
<li>Create a domain user to be used on the client. In this how-to the domain
user is <code>test</code> with a password of <code>testpass</code>.</li>
</ul>
- </p>
<p>The above steps have been tested on a domain controller running Windows
Server 2008 R2 64-bit Standard using the Windows Server 2003 functional level
for both the forest and the domain.
@@ -114,6 +114,8 @@ policy had to be relaxed. This is not re
installed and configured and that Tomcat is running as the [email protected]
user. The steps to configure the Tomcat instance for Windows authentication
are as follows:
+ </p>
+ <ul>
<li>Copy the <code>tomcat.keytab</code> file created on the domain controller
to <code>$CATALINA_BASE/conf/tomcat.keytab</code>.</li>
<li>Create the kerberos configuration file
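Review bot: The `<ul>` added above the `tomcat.keytab` item gives these `<li>` elements the list parent they were missing, which is a structural fix rather than the "formatting" the log message describes. Its matching `</ul>` only arrives in the -163,7 hunk, so validate the file after applying to confirm no stray `</p>` is left between the two.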
@@ -163,7 +165,7 @@ com.sun.security.jgss.krb5.accept {
<li>The system property <code>javax.security.auth.useSubjectCredsOnly</code>
is automatically set to the required value of false if a web application is
configured to use the SPNEGO authentication method.</li>
- </p>
+ </ul>
<p>The SPNEGO authenticator will work with any <a href="config/realm.html">
Realm</a> but if used with the JNDI Realm, by default the JNDI Realm will use
the user's delegated credentials to connect to the Active Directory.
@@ -194,7 +196,7 @@ com.sun.security.jgss.krb5.accept {
<p>Correctly configuring Kerberos authentication can be tricky. The following
references may prove helpful. Advice is also always available from the
<a href="http://tomcat.apache.org/lists.html#tomcat-users">Tomcat users
- mailing list</a>.
+ mailing list</a>.</p>
<ol>
<li><a
href="http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/19/512.aspx">
IIS and Kerberos</a></li>
@@ -208,7 +210,7 @@ com.sun.security.jgss.krb5.accept {
Encryption Selection in Kerberos Exchanges</a></li>
<li><a href="http://support.microsoft.com/kb/977321">Supported Kerberos
Cipher
Suites</a></li>
- </ol></p>
+ </ol>
</subsection>
</section>
@@ -217,37 +219,34 @@ com.sun.security.jgss.krb5.accept {
<subsection name="Waffle">
<p>Full details of this solution can be found through the
- <a href="http://waffle.codeplex.com/">Waffle site</a>. The key features are:
+ <a href="http://waffle.codeplex.com/">Waffle site</a>. The key features
are:</p>
<ul>
<li>Drop-in solution</li>
<li>Simple configuration (no JAAS or Kerberos keytab configuration required)
</li>
<li>Uses a native library</li>
</ul>
- </p>
</subsection>
<subsection name="Spring Security - Kerberos Extension">
<p>Full details of this solution can be found through the
<a
href="http://static.springsource.org/spring-security/site/extensions/krb/index.html">
- Kerberos extension site</a>. The key features are:
+ Kerberos extension site</a>. The key features are:</p>
<ul>
<li>Extension to Spring Security</li>
<li>Requires a Kerberos keytab file to be generated</li>
<li>Pure Java solution</li>
</ul>
- </p>
</subsection>
<subsection name="SPNEGO project at SourceForge">
<p>Full details of this solution can be found through the
<a href="http://spnego.sourceforge.net/index.html/">project site</a>. The key
- features are:
+ features are:</p>
<ul>
<li>Uses Kerberos</li>
<li>Pure Java solution</li>
</ul>
- </p>
</subsection>
</section>
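Review bot: In the SPNEGO subsection the unchanged href `http://spnego.sourceforge.net/index.html/` has a trailing slash after `index.html`, which looks like a typo. This hunk already rewrites the closing of that paragraph, so the link could be corrected in the same commit.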
@@ -255,7 +254,7 @@ com.sun.security.jgss.krb5.accept {
<subsection name="Microsoft IIS">
<p>There are three steps to configuring IIS to provide Windows
authentication.
- They are:
+ They are:</p>
<ol>
<li>Configure IIS as a reverse proxy for Tomcat (see the
<a href="http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html">
@@ -265,12 +264,11 @@ com.sun.security.jgss.krb5.accept {
setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
AJP connector</a> to <code>false</code>.</li>
</ol>
- </p>
</subsection>
<subsection name="Apache httpd">
<p>Apache httpd does not support Windows authentication out of the box but
- there are a number of third-party modules that can be used. These include:
+ there are a number of third-party modules that can be used. These
include:</p>
<ol>
<li><a
href="http://sourceforge.net/projects/mod-auth-sspi/">mod_auth_sspi</a>
for use on Windows platforms.</li>
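Review bot: In the Apache httpd subsection the list after `These include:</p>` is an `<ol>`, but it enumerates alternative third-party modules rather than ordered steps. A `<ul>`, as used for the key-features lists elsewhere in this file, would match the content; `<ol>` remains right for the three configuration steps.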
@@ -279,8 +277,8 @@ com.sun.security.jgss.krb5.accept {
2.0.x on 32-bit platforms. Some users have reported stability issues with
both
httpd 2.2.x builds and 64-bit Linux builds.</li>
</ol>
- There are three steps to configuring httpd to provide Windows
- authentication. They are:
+ <p>There are three steps to configuring httpd to provide Windows
+ authentication. They are:</p>
<ol>
<li>Configure httpd as a reverse proxy for Tomcat (see the
<a
href="http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html">
@@ -290,7 +288,6 @@ com.sun.security.jgss.krb5.accept {
setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
AJP connector</a> to <code>false</code>.</li>
</ol>
- </p>
</subsection>
</section>
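Review bot: In the final step, `tomcatAuthentication` is left as plain text while its value is marked up as `<code>false</code>`. Wrap the attribute name in `<code>` as well, here and in the identical IIS step, since this patch is already tidying the markup of both lists.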