Hello Jacob,
to authenticate against the AD I used the JAAS compliant Krb5LoginModule from Sun which is included in the J2SE. I don't know from which version. There is also included a Krb5LoginModule in the IBM J2SE having the packacke name com.ibm... instead of com.sun...
Have a look at http://jakarta.apache.org/slide/howto-jaas.html on how to setup a JAAS realm in Tomcat. Instead of the example JAAS configuration given in jaas.config you have:
slide_login {
com.sun.security.auth.module.Krb5LoginModule required
debug=false
useTicketCache=false;
};Here you can find all possible parameters of this login module: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
Then set all necessary JVM options:
-Djava.security.auth.login.config=path-to-jaas.config
a) Whether you give necessary Kerberos properties by setting several JVM options
java.security.krb5.realm=YOURREALM.YOURDOMAIN.SE (works only with capital letters)
java.security.krb5.kdc=YOURADSERVERNAME.YOURDOMAIN.SE (it is the same server as the LDAP server; AD provides a LDAP interface)
sun.security.krb5.debug=true|false
b) or you specify a Kerberos property file where you have the above mentioned properties included
Have a look here: http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/KerberosReq.html
I have also found something about trouble with Windows XP and the Java 1.4.1_01 VM:
http://forum.java.sun.com/thread.jsp?thread=331469&forum=4&message=1977063
Hope this helps Regards, Stefan
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
