> Yes, it works (-ish) with request.tomcatAuthentication=false, > but despite of what the switch should do, the Tomcat is still > Requesting a full groups-list from the DC / AD every time, even if the > IIS has already done the auth. On big systems this creates a not bearable > network load and delay.
Is tomcat or IIS doing the group retrieval from the windows domain controller? How have you verified that tomcat is doing the NTLM stuff? Have you got tomcat configured to do the NTLM authentication/authorisation? With the request.tomcatAuthentication=false seems to disable the tomcat authentication mechanism it doesn't do any NTLM stuff. -lp --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
