Wendy,

Check out this article on JAAS with LDAP. I am sure that it might not be
as hard to use Kerberos. I've seen an example of the userClassNames and
roleClassNames somewhere this week. Let me see if I find it and I will
forward it to you.

The article on JAAS is at:
http://www.theserverside.com/articles/article.tss?l=Pramati-JAAS

Wendy Smoak wrote:
As I mentioned earlier today, we've licensed a (Struts-based, so I'm
not *entirely* off topic) third-party webapp that comes pre-configured
to do LDAP authentication. We, of course, do not have LDAP. We have
Kerberos. Easy enough, I thought... surely there's a KerberosRealm I
can configure and plug in. Apparently not.

I can successfully authenticate with Kerberos at the command line
using the code in the tutorial:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html

I can not, however, figure out what I'm supposed to do to fit that
part into the Catalina JAASRealm, as described here:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JAASRealm

The first thing it says is "Write your own LoginModule".
(Frightening... *I* have to talk to the Kerberos service?) But
there's already com.sun.security.auth.module.Krb5LoginModule which is
used in the tutorial, so maybe not. I have that in
$CATALINA_HOME/conf/jaas.config with JAVA_OPTS set properly.

And that's about as far as I can get. When I go to configure
server.xml, it wants class names for users and roles:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="JaasSample"
           userClassNames="???"
           roleClassNames="???"
           debug="99"/>

Even if I write a couple of classes and fill in the blanks, I don't
see what's ever going to instantiate them.

What am I missing? This can't be as hard as I'm making it.

Thanks,
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
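
An added example, not part of the original thread: the Principal classes named in userClassNames and roleClassNames are instantiated by the LoginModules when they commit, and JAASRealm only matches class names on the resulting Subject. Krb5LoginModule supplies the user principal (KerberosPrincipal) but no roles, so this sketch stacks a second module behind it; the package, class names and the "role" option are hypothetical, and the classes are assumed to be on a classpath the realm can load.

```java
package example; // hypothetical package name

import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.spi.LoginModule;

/*
 * jaas.config (Krb5LoginModule authenticates; this module only adds a role):
 *   JaasSample {
 *     com.sun.security.auth.module.Krb5LoginModule required;
 *     example.RoleLoginModule required role="user";
 *   };
 * server.xml:
 *   <Realm className="org.apache.catalina.realm.JAASRealm" appName="JaasSample"
 *          userClassNames="javax.security.auth.kerberos.KerberosPrincipal"
 *          roleClassNames="example.RoleLoginModule$RolePrincipal"/>
 */
public class RoleLoginModule implements LoginModule {
    /** Role marker; JAASRealm takes getName() as the role name. */
    public static final class RolePrincipal implements Principal, java.io.Serializable {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private RolePrincipal role;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        Object configured = options.get("role"); // hypothetical option from jaas.config
        this.role = new RolePrincipal(configured != null ? configured.toString() : "user");
    }
    // Authentication is Krb5LoginModule's job; this module checks nothing at login time.
    public boolean login() { return true; }

    public boolean commit() {
        // Krb5LoginModule commits first; grant no role unless it added a KerberosPrincipal.
        if (subject.getPrincipals(KerberosPrincipal.class).isEmpty()) return false;
        subject.getPrincipals().add(role);
        return true;
    }
    public boolean abort() { return true; }
    public boolean logout() { subject.getPrincipals().remove(role); return true; }
}
```

The check in commit() keeps the role from being attached if the Kerberos module is later reconfigured as optional or removed from the stack, in which case JAASRealm finds no user principal and rejects the login.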