Does there exist a mechanism by which Tomcat can be made to use NTLM authentication?
* * * * * * An existing web application that is written in Perl (with Apache as the webserver) is to be enhanced and re-written in JSP (with Tomcat as the JSP/servlet engine). The existing "Perl and Apache" website is configured to use mod_ntlm, in order to establish the identity of the Windows desktop user running IE5.01 that is accessing the Perl page; in order to determine whether the user is authorized for that particular page, the Perl script looks up the username in a website-specific database. That is, the authentication process is handled via the normal login to NT (later, the Web browser supplies the NT username information to the web server when the Web browser resubmits its request as an authenticated request); the per-page authorization process is internal to the web application. The problem for the re-write in JSP is that while Tomcat does support Basic authentication, Digest authentication, and Forms authentication, I have not been able to find a mechanism by which Tomcat can made to use NTLM authentication. I do not wish to start a discussion on the wisdom of using NTLM in the manner described; this is the existing behavior that the re-write in JSP is to mimic. I would be grateful for any hints towards the answer of the question: can Tomcat be configured (or extended) to use NTLM authentication? Thanks! Bill Storey UNICOM ==========================================================================To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com