Can someone let me know how to setup NTLM authentication such that all access to tomcat is restricted to users in a specific group?
I have an instance of tomcat and it is serving several opengrok web apps. Each opengrop app is pointing at a different source tree. I want to restrict access to all of these webapps to a specific group of users. When I offer php based webapps and restrict them to a group of users, I use apache2 authentication with a perl based NTLM extension. Since tomcat is running on a different port, I tried binding tomcat to localhost or loopback only and then used the proxy directive from apache2 to the offer the applications to users on my lan. This worked, but the NTLM auth failed when I added it in. I see my options as: a) get apache auth to work via the proxy b) forget apache auth and have tomcat handle the authentication. I looked around the docs, googling here and there but most authentication appeared to be at the individual web application level and not for the entire instance. - Is authentication at the entire tomcat instance level a practice that people do? - Is there a standard way to tie it into NTLM? So, can you send me links or advice if you happen to know of a good resource for issue or see that I'm approaching in a needlessly difficult way? Thanks -- Peter Kahn [EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED]
