> I believe somewhere on java.sun.com I saw an article about setting up > JAAS as a tomcat realm to use NT authorisation. >
There's a big problem with JAAS and the NTLoginModule: it gives you the details of the currently logged on user. For a web app, this will be the user under which Tomcat is being run, not the person who has typed in his name and password in his browser. There are two solutions: 1. Use JNDI realm to talk to Active Directory. 2. Collect credentials yourself and use native code to call the WinAPI function LogonUser. I have written a centralized authentication service. One of the modules that I created to authenticate users against a Windows domain uses method 2 above. Kind regards, Chris Williams. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
