Re: client authentication with client certificates (ssl)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Thomas wrote: Paul Puschmann wrote: we'd like to use our Tomcat with ssl and client certificates. Does anybody know if the user information (of the user-certificate) can be used to authenticate? Tomcat is 5.5.7 CLIENT-CERT authentication is supported. That is fine, but how can I use the CLIENT-CERT information in my applications? In the client certificates should be a name and/or customer number in the usual fields. I want my application to use e.g. the customer number for further authorization. (Please answer below the quote, this enhances readability) Paul - -- Linux-User #271918 with the Linux Counter, http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iEYEARECAAYFAkKerp0ACgkQqErKtBWD7VSoagCgh9qmuiRedu7h8Jc3bhnVIlCi d14An0ZOBFp2vGfB8tu6Ym/xyNuyCEsj =0rap -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
client authentication with client certificates (ssl)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, we'd like to use our Tomcat with ssl and client certificates. Does anybody know if the user information (of the user-certificate) can be used to authenticate? Tomcat is 5.5.7 Paul - -- Linux-User #271918 with the Linux Counter, http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iEYEARECAAYFAkKdlLkACgkQqErKtBWD7VRYqACdEGzKWKtmIOYChETbsH4AnkIW l50AoLqVNHzQKjF05nz475tgN70t4H16 =EY9o -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and SuSE 9.3...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quinton Delpeche wrote: When I install Tomcat 5 (base, examples, and admin) I get an error with the packages. I read that this is to do with incorrect directory names or link names. On one of my other test machines I keep getting a socket exception and a broken pipe exception when trying to connect via JDBC to a PostgreSQL server. My catalina.start in the log files directory indicates a problem with the permissions for tomcat5.pid. Now I have spent the whole day trawling the web, searching google, trying various things and even searching the archives of this mailing list and I still can't solve the problem. I have now tried this on 5 different machines with two different (original) sets of SuSE 9.3 discs and I still get these errors. I have tried both 1.4 and 1.5 SDKs and still these errors persist. I can't believe that I am the unfortunate person to discover this problem... ...I can't be that unlucky. :( Q File a bug at suse. Find out if all files (e.g. the .pid) have the correct users and rights. Kind regards, Paul - -- Linux-User #271918 with the Linux Counter, http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iEYEARECAAYFAkKDS6QACgkQqErKtBWD7VSFBgCg/SffP4T72fwd3M/4Rb5Y93ty ZJkAoP8IG41eDY14LpSpbGIxBrczJPWL =svkk -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL with client certificates + use in application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, we'd like use use ssl client certificates (stored on smartcards) to secure the access to one of our servers. Right now I use an Apache2 with mod_jk, so my apache2 is the ssl endpoint. That's not so bad, but I am searching for a way to integrate the user-id served by the client-certificate in our application. An example: The user logs in with his smartcard, using his pin when establishing the ssl-connection, and then gets to our jsp-pages (application). Here he shouldn't get another login screen. instead the ssl-credentials should be used. Perhaps someone here uses something like this and give me some hints. The Apache2 with mod_jk is optional, we could also use the Tomcat 5.5 directly with ssl if this is the only way. Kind regards, Paul - -- Linux-User #271918 with the Linux Counter, http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iEYEARECAAYFAkJ19I8ACgkQqErKtBWD7VTd1gCg289PJ4CfE5e1M7ZSWTuNo8ER pfoAnjbRCWb1afIoEh2DZhJYx1QTtCOX =HzIQ -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with installing tomcat in linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: yes i did exported those env variables. but still i am getting the following error Cannot find ./catalina.sh This file is needed to run this program I have even checked for the file permission mode. and also tried these commands #dos2unix startup.sh ... Still i am not getting. can't you get a packaged version from your linux distribution? (SuSE, Debian, ...) Kind regards, Paul -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iEYEARECAAYFAkJaflEACgkQqErKtBWD7VTGgQCffu5VcknvuFOI2GDR6vF6ilge 3GwAoKW4iRneSxmDVzWQshgoWs5jJ14p =BBAu -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Access denied with Apache + Tomcat config
Tony Stocker wrote: All, I believe that I found my problem, and for the sake of posterity I'm posting it for the next poor fool who is forced to chase around the web and through books looking for decent documentation. When I set up Tomcat I copied the sample workers.properties file from the JK source. However it turns out that the sample file uses the wrong worker name (compared to the name that is automatically generated.) In my case, the sample file was this: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 However, as can be seen in my original post, the conf/auto/mod_jk.conf file wants to use ajp13. By changing the workers.properties file to 'ajp13' and NOT 'ajp13w' everything started working. Since you adresss the worker to use in the JkMount-entry, you should use the name of the existing worker in your virtualhost-file. (ajp13w) Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
jk2 for Apache2 and Tomcat 4
Hi, we want to use Apache2 (2.0.53) as a frontend for out Tomcat (4.1.31) and don't get the right configuration for our jk2 (2.0.4). This all runs with Java 1.4.2_06 on Debian Sarge x86. We want to serve two or three different applications through our apache2. Each one gets its own VirtualHost and ssl-keys and -rules. These three application all run on (the) one tomcat. Now I use the following configs, that I picked from some howto-pages: Apache2: # inside workers.properties: [shm] file=/var/log/apache2/shm.file size=1048576 [channel.socket:localhost:8009] port=8009 host=127.0.0.1 [channel.un:/usr/share/tomcat4/work/jk2.socket] tomcatId=localhost:8009 debug=0 [ajp13:localhost:8009] channel=channel.socket:localhost:8009 [status:status] [uri:/status/*] worker1=status:status # my.domain.de as a substitute for our real dns-name [uri:my.domain.de:443/*.jsp] worker1=ajp13:localhost:8009 # mod_jk2.conf: JkSet config.file /etc/apache2/workers2.properties # inside the virtual-host: Location /* JkUriSet worker ajp13:localhost:8009 /Location Directory /*/WEB-INF/* AllowOverride None Deny from all /Directory My problem is now to create the different workers an the entries in the VirtualHost. Yes, I did search in google, but most of the stuff used jk1 oder was about compiling jk2. Any help appreciated, kind regards, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 for Apache2 and Tomcat 4
Mladen Turk wrote: Paul Puschmann wrote: Hi, we want to use Apache2 (2.0.53) as a frontend for out Tomcat (4.1.31) and don't get the right configuration for our jk2 (2.0.4). This all runs with Java 1.4.2_06 on Debian Sarge x86. Do not use JK2. Use JK instead. See: http://jakarta.apache.org/tomcat/connectors-doc/news/20041100.html#20041115.1 JK2 is not supported, neither it will be. Reasons are many, but the main is that mod_jk is simply a better product then mod_jk2 ever was. Okay, I didn't notice this at all. Thanks! Well, i should have some tries now with jk1 (1.2.5). Oh, and I have to use Apache now instead of Apache2, of course. If you have some hints or howto's regarding my problem... Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 for Apache2 and Tomcat 4
Dale, Matt wrote: 1.2.6 is the latest and should work with Apache 2 so you don't have to go back to apache 1. Ta Matt Okay, but I don't get jk1 for apache2 as a ready debian-package. I prefer ready-built packages, because otherwise I could miss some important compiling options or get some version-dependancy-errors or such. Thank you for your advice, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 for Apache2 and Tomcat 4
Sébastien GALLET wrote: Paul Puschmann a écrit : Dale, Matt wrote: 1.2.6 is the latest and should work with Apache 2 so you don't have to go back to apache 1. Ta Matt Okay, but I don't get jk1 for apache2 as a ready debian-package. I prefer ready-built packages, because otherwise I could miss some important compiling options or get some version-dependancy-errors or such. I've made one for my personal use. Let me know if you want it Hi Sébastien, this would be great. My system is Sarge on x86, using the newest Apache2 (2.0.53). I'd like to test it. Big mails are no problem for me (and hopefully not for my provider). Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
