I've never tried with Tomcat, but it's not hard to get other Unix applications to authenticate against the Kerberos component of ADS. I logon to Linux every day with ADS credentials, using Kerberos.
o Browsers will need to be set up to use GSSAPI authentication with the affected site. There's a plugin for Firefox that helps to manage the way it does this, where it's called Integrated Authentication for some reason. I don't know how to manage that in IE since there isn't an IE for Linux. :-/ o The server will need to offer GSSAPI authentication and know how to validate tickets. A lot of that is standard JRE equipment. http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html looks like good information on gluing it into Tomcat. If I were doing this, I'd first stop thinking of it as Windows or ADS authentication and think in terms of GSSAPI/Kerberos. Searching for "firefox kerberos authentication" showed me a lot of hits that might help you on the client side. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart.
pgp9LAw8gVbpY.pgp
Description: PGP signature