Java Mailing List Archive

Tomcat authentication with Kerberos

Wendy Smoak

2005-08-11

I have a standalone Tomcat 5.0 instance, and a third-party webapp that has
support for authentication via LDAP. Of course, we don't have LDAP, we have
Kerberos. It should be a simple matter to plug in a different Realm, right?

I'm finding it hard to believe that no one has done this (Tomcat
authentication with Kerberos) yet, but Google just isn't turning up
anything.

I started at the Realm HowTo [0] and found the JAASRealm section.

From here it looks like I need to write my own LoginModule. Except... there
is com.sun.security.auth.module.Krb5LoginModule [1]. Can I just use that?
(I thought we weren't supposed to use com.sun.* classes, but it's not as
though I can write my *own* Kerberos LoginModule!)

After I (somehow) get the user authenticated with Kerberos, then I need to
look in a [non-JDBC] database to get the Role information. For User and
Role, it looks like I can extend AbstractUser and AbstractRole... but where
does the code go that would create instances?

In short, I'm confused. Can anyone offer advice on what I need to do to
make this work? Or better yet, point to someone who has already done it?
Thanks in advance!

[0] http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
[1] http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html

--
Wendy Smoak
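
The arrangement asked about above can be sketched as a second LoginModule stacked after Krb5LoginModule, which leaves authentication to Kerberos and only attaches role principals in commit(). This is an added example, not part of the original message and not Tomcat's own code. RoleLoginModule, RolePrincipal, lookupRoles(), the sample user and the JAAS entry name "Tomcat" are hypothetical; it assumes Java 5 or later, with JAASRealm's userClassNames set to javax.security.auth.kerberos.KerberosPrincipal and roleClassNames set to RoleLoginModule$RolePrincipal.

```java
// Added example: RoleLoginModule, RolePrincipal and lookupRoles() are hypothetical names.
// Assumed JAAS entry (the name must match the JAASRealm appName):
//   Tomcat { com.sun.security.auth.module.Krb5LoginModule required;
//            RoleLoginModule required; };
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class RoleLoginModule implements LoginModule {
    /** Role marker class; its name is what roleClassNames would list. */
    public static final class RolePrincipal implements Principal {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private final Set<Principal> added = new HashSet<Principal>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }
    // Authentication is left to Krb5LoginModule, listed first in the JAAS entry.
    public boolean login() { return true; }
    // Commits run in configuration order, so the KerberosPrincipal is already present.
    public boolean commit() throws LoginException {
        Set<KerberosPrincipal> users = subject.getPrincipals(KerberosPrincipal.class);
        if (users.isEmpty()) throw new LoginException("no Kerberos principal; refusing to assign roles");
        for (KerberosPrincipal user : users)
            for (String role : lookupRoles(user.getName())) added.add(new RolePrincipal(role));
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() { subject.getPrincipals().removeAll(added); added.clear(); return true; }
    // Stand-in for the non-JDBC role store; constructed sample data.
    static List<String> lookupRoles(String kerberosName) {
        return "alice@EXAMPLE.COM".equals(kerberosName)
            ? Arrays.asList("manager", "user") : Collections.<String>emptyList();
    }
}
```

A user who authenticates but has no entry in the role store receives no role principals, so role-protected resources stay closed to them by default.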


