This is my first post to the Tomcat list, so hello all. I am working on a project to automate management of a service via a web interface. I need to be able to authenticate users of my software and assign roles to them. So far, standard Realm stuff. But I have a couple of hiccups.

Firstly, I do not want to have to add users to a database. I am looking at several hundred potential users of the system, and I want them to use their existing Unix/email passwords. The passwords are stored in NIS+, and only root has access to them. We have a program that can confirm if a password is true or false, and I am considering writing my own realm implementation that first checks their passwords using this program (setuid) then gets role information elsewhere. We also have a RADIUS server, and LDAP, but I cannot add role information to the LDAP directory.

All the users who will need to access the service are members of a particular Unix group. I would like to base the role on the user's GID. I will need some extra roles as well, to allow for extra functionality for certain staff. I can store that information in a database.

I am thinking that I will need to write my own Realm, with appropriate classes to support it. Before I tackle that, does anyone have a better idea? Also, would you use RADIUS or make a system call to a program?

Thanks,
Sarah
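
An added example, not part of the original post: a sketch (Java 9+) of the check a custom Realm's authenticate method could delegate to, verifying the password through an external helper and deriving the role from Unix group membership. The helper path, its protocol (username as argument, password on stdin, exit status 0 on success), the group name `svcusers`, the role name `user`, the `extraRoles` map standing in for the database, and an `id` that supports `-Gn` are all assumptions.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

public class HelperAuth {
    // Assumed names: helper path and protocol, group name, role name.
    static final String HELPER = "/usr/local/sbin/checkpw";
    static final String SERVICE_GROUP = "svcusers";
    static final Pattern SAFE_USER = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    /** Roles for the user; empty if the password is wrong or the user is not in the group. */
    static Set<String> authenticate(String user, String password, Map<String, Set<String>> extraRoles)
            throws InterruptedException {
        if (user == null || password == null || password.indexOf('\n') >= 0
                || !SAFE_USER.matcher(user).matches()) {
            return Set.of();                       // never hand odd input to a setuid program
        }
        try {
            // Password travels on stdin, not argv, so it never appears in `ps` output.
            Process check = new ProcessBuilder(HELPER, user)
                    .redirectOutput(ProcessBuilder.Redirect.DISCARD)
                    .redirectError(ProcessBuilder.Redirect.DISCARD).start();
            try (OutputStream stdin = check.getOutputStream()) {
                stdin.write((password + "\n").getBytes(StandardCharsets.UTF_8));
            }
            if (!finishedOk(check)) return Set.of();

            // Group names (primary and supplementary) as resolved by the OS name service.
            Process id = new ProcessBuilder("/usr/bin/id", "-Gn", user)
                    .redirectError(ProcessBuilder.Redirect.DISCARD).start();
            String out = new String(id.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
            if (!finishedOk(id)) return Set.of();
            if (!Arrays.asList(out.trim().split("\\s+")).contains(SERVICE_GROUP)) return Set.of();

            Set<String> roles = new HashSet<>(extraRoles.getOrDefault(user, Set.of()));
            roles.add("user");
            return roles;
        } catch (IOException e) {
            return Set.of();                       // fail closed if a helper cannot be run
        }
    }

    // A hung helper or a non-zero exit status counts as a failed check.
    static boolean finishedOk(Process p) throws InterruptedException {
        if (!p.waitFor(5, TimeUnit.SECONDS)) { p.destroyForcibly(); return false; }
        return p.exitValue() == 0;
    }
}
```

Every failure path returns an empty role set, so a missing, hung or crashing helper denies access rather than granting it.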
