intranet authentication with win2k
Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: intranet authentication with win2k
I'm not as familiar w/ NT security either, but it sounds like (from a Java programming standpoint) the getRemoteUser() method is your best bet. If I remember correctly, it returns the username *if* the user has logged in (in this case through NT security) or null otherwise. - Original Message - From: Mangi, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 9:49 AM Subject: intranet authentication with win2k Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: intranet authentication with win2k
yes, once the person is logged into the web application. The question is, how do I get them logged into the web application without having to prompt for a user/pass. Rick -Original Message- From: John M. Corro [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:57 PM To: Tomcat Users List Subject: Re: intranet authentication with win2k I'm not as familiar w/ NT security either, but it sounds like (from a Java programming standpoint) the getRemoteUser() method is your best bet. If I remember correctly, it returns the username *if* the user has logged in (in this case through NT security) or null otherwise. - Original Message - From: Mangi, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 9:49 AM Subject: intranet authentication with win2k Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: intranet authentication with win2k
What we have done is integrate NT authentication into a Tomcat realm. Using WIN2k you can use either the com.sun.security.auth packages to Use NTLoginModule (this only works on windows and only for the currently logged in user). Or you can use the Krb5 security module same group ... OR... you can use the fact that every WIN2k domain controller has an LDAP server in it as well ( active directory), login to it with DOMAIN credentials and query a custom attribute for roles. Be forwarned that Active Directory does not play by the LDAP rules. What a suprise! See http://java.sun.com/j2se/1.4/docs/guide/security/jaas/spec/ -Original Message- From: Mangi, Rick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:05 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k yes, once the person is logged into the web application. The question is, how do I get them logged into the web application without having to prompt for a user/pass. Rick -Original Message- From: John M. Corro [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:57 PM To: Tomcat Users List Subject: Re: intranet authentication with win2k I'm not as familiar w/ NT security either, but it sounds like (from a Java programming standpoint) the getRemoteUser() method is your best bet. If I remember correctly, it returns the username *if* the user has logged in (in this case through NT security) or null otherwise. - Original Message - From: Mangi, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 9:49 AM Subject: intranet authentication with win2k Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: intranet authentication with win2k
Have you implemented this with tomcat running on *nix? Or only on win2k? -Original Message- From: Bongiorno, Christian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:11 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k What we have done is integrate NT authentication into a Tomcat realm. Using WIN2k you can use either the com.sun.security.auth packages to Use NTLoginModule (this only works on windows and only for the currently logged in user). Or you can use the Krb5 security module same group ... OR... you can use the fact that every WIN2k domain controller has an LDAP server in it as well ( active directory), login to it with DOMAIN credentials and query a custom attribute for roles. Be forwarned that Active Directory does not play by the LDAP rules. What a suprise! See http://java.sun.com/j2se/1.4/docs/guide/security/jaas/spec/ -Original Message- From: Mangi, Rick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:05 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k yes, once the person is logged into the web application. The question is, how do I get them logged into the web application without having to prompt for a user/pass. Rick -Original Message- From: John M. Corro [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:57 PM To: Tomcat Users List Subject: Re: intranet authentication with win2k I'm not as familiar w/ NT security either, but it sounds like (from a Java programming standpoint) the getRemoteUser() method is your best bet. If I remember correctly, it returns the username *if* the user has logged in (in this case through NT security) or null otherwise. - Original Message - From: Mangi, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 9:49 AM Subject: intranet authentication with win2k Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This email and any attachments
RE: intranet authentication with win2k
Our realm is running under linux RH 7.1 -Original Message- From: Mangi, Rick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:14 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k Have you implemented this with tomcat running on *nix? Or only on win2k? -Original Message- From: Bongiorno, Christian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:11 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k What we have done is integrate NT authentication into a Tomcat realm. Using WIN2k you can use either the com.sun.security.auth packages to Use NTLoginModule (this only works on windows and only for the currently logged in user). Or you can use the Krb5 security module same group ... OR... you can use the fact that every WIN2k domain controller has an LDAP server in it as well ( active directory), login to it with DOMAIN credentials and query a custom attribute for roles. Be forwarned that Active Directory does not play by the LDAP rules. What a suprise! See http://java.sun.com/j2se/1.4/docs/guide/security/jaas/spec/ -Original Message- From: Mangi, Rick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:05 PM To: 'Tomcat Users List' Subject: RE: intranet authentication with win2k yes, once the person is logged into the web application. The question is, how do I get them logged into the web application without having to prompt for a user/pass. Rick -Original Message- From: John M. Corro [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:57 PM To: Tomcat Users List Subject: Re: intranet authentication with win2k I'm not as familiar w/ NT security either, but it sounds like (from a Java programming standpoint) the getRemoteUser() method is your best bet. If I remember correctly, it returns the username *if* the user has logged in (in this case through NT security) or null otherwise. - Original Message - From: Mangi, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 13, 2001 9:49 AM Subject: intranet authentication with win2k Greetings tomcat users! This question is 1/2 tomcat 1/2 apache. I'm developing an intranet site. The users logon with NT authentication onto our local network. The intranet is running tomcat/apache on solaris. I'm wondering if anyone has a solution for authenticating these users on the intranet without them having to log onto a separate system. I know there is an apache module for tying apache authentication to NT security (and I assume it's easy enough to pass this on to tomcat). But we're thinking of moving to the win2k native security system which I know nothing about. has anyone tackled this before? Any suggestions? Thanks, Rick Please pardon the long winded legal stuff below... This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This email and any attachments are confidential and may be legally privileged. No confidentiality or privilege is waived or lost by any transmission in error. If you are not the intended recipient you are hereby notified that any use, printing, copying or disclosure is strictly prohibited. Please delete this email and any attachments, without printing, copying, forwarding or saving them and notify the sender immediately by reply e-mail. Zurich Capital Markets and its affiliates reserve the right to monitor all e-mail communications through its networks. Unless otherwise stated, any pricing information in this e-mail is indicative only, is subject to change and does not constitute an offer to enter into any transaction at such price and any terms in relation to any proposed transaction are indicative only and subject to express final confirmation. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED
