If we're using JNDI for configuration, then it's a good idea to use JNDI for user config ( tomcat-users.xml ).
That would make the jndi authenticator 'first class'. In order to support jdbc 'user databases' we just need a jndi->jdbc adapter. I think that's a very nice and flexible solution - and will greatly simplify our code ( i.e. less depenencies ). It can also take care of the issues we have with keeping all the users in memory, and we can adapt the jndi cache for users ( which would be very cool !) It also means that in order to plug a new user database into tomcat you only need to implement a (standard) jndi DirContext. If you agree with that, we can( should ) eventually deprecate the actual intefaces ( UserDatabase, User, etc ), and document that a 'user database' is just a Context, and the user is just a DirContext with a number of required attributes. ( eventually named based on the ldap schema - inetPerson? , for maximum transparency ) Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>