My support team needs to be able to log in to our site as various users (on behalf of...) to be able to see exactly what they are seeing, since roles, access groups, and history are different for different users. I would like to implement an admin password where I can log in as any userId with this password. I totally realize the security risks involved in this. But I am handling the security risks with additional authorizations. I simply need to make every user have two passwords... their real personal password, and the admin password. The only alternative I have right now is to save off the user's password hash in the USERS table, replace it with my password hash, then restore the user's original password when I'm done. I'm not thrilled with that solution, first because it's a pain and error-prone, and also because the user can no longer log in while their password is replaced with my password.

I figure this function is buried in the authenticator code somewhere. But I'd first like to see if anybody has done anything like this already. If not, could somebody point me in the right direction to the Tomcat source file that I'm going to need to modify, and also what's involved in making authentication use my updated class instead of the default?

Suggestions?

Thx

Jerry

