RE: FLAWS FOUND IN APACHE
For versions 1.3.x this bug allows the attacker to execute arbitrary code on the attacked machine. On 64 bit architectures only. Please read the apache.org advisory... -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: authentication based on linux user accounts
look at tomcat's PAM integration... -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: lloyd [mailto:[EMAIL PROTECTED]] Sent: Friday, 07 June 2002 09:57 To: tomcat-user Subject: authentication based on linux user accounts How can I set up tomcat to authenticate against linux user accounts, and to tie roles to linux groups? thx -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Question regarding Active Directory/LDAP
You be in rela trouble here. Active Directory uses a conglomeration of Kerberos 5 with MS ciphers and LDAP As for LDAP, I think its straightforward - look up the standard and get one bit at a time. Perhaps see the SMABA 3.x code and what it does (its a late beta stuff). What are you trying to do with the active directory information? regards TMC -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Chris Shen [mailto:[EMAIL PROTECTED]] Sent: Thursday, 06 June 2002 14:57 To: Tomcat Users List Subject: Question regarding Active Directory/LDAP i know this is not directly related to tomcat. i am trying to write a LDAP client in jsp to talk to an active directory. however, i am rather unfamiliar with the directory structure in active directory. i have one set up on my machine, but i am having trouble looking up attributes such as the base DN, CN, and so on. does anyone have any clue how to find this type of information on active directory? -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Starting TOmcat at Bootup
Yes. you also need to add it as links in the rc.0 through rc.6 directorries. just have a look at what ssh or sendmail does regards Tomasz Ciolek -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Johnny [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 14 May 2002 17:00 To: Tomcat Users List Subject: RE: Starting TOmcat at Bootup Hi Carlos, In my Redhat v7.2 machine, I added the tomcat bootup file (followed your script) inside init.d folder, but it's still not working. Did I miss out something? Johnny. -Original Message- From: Carlos [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 9:33 PM To: 'Tomcat Users List' Subject: RE: Starting TOmcat at Bootup Hi Abraham, I am using a script that is very similar to one that I found in earlier postings of this forum. I created it with the webadmin, named it tomcat, and it installed n init.d. It seem to start tomcat well in Linux RedHat v7.x. I did not link it to the user tomcat like the postings of your e-mail suggest. Anyways, I would appreciate any comments about the script that follows: #!/bin/sh # description: Starting Tomcat at bootup # chkconfig: 2345 99 00 # # Source function library . /etc/rc.d/init.d/functions # See how we are called case $1 in start) echo -n Starting tomcat: export JAVA_HOME=/opt/IBMJava2-131 export CATALINA_HOME=/usr/local/jakarta-tomcat-4.0.1 /usr/local/jakarta-tomcat-4.0.1/bin/startup.sh echo touch /var/lock/subsys/tomcat ;; stop) echo -n Shutting down tomcat: export JAVA_HOME=/opt/IBMJava2-131 export CATALINA_HOME=/usr/local/jakarta-tomcat-4.0.1 /usr/local/jakarta-tomcat-4.0.1/bin/shutdown.sh rm -f /var/lock/subsys/tomcat ;; restart) $0 stop $0 start ;; *) echo Usage: $0 { start | stop|restart|reload|status } exit 1 ;; esac exit 0 Carlos Oliva Senior Programmer/Analyst Positive Business Solutions, Inc. Cincinnati, OH 45240-1640 (513) 772 - 2255 ext 129 [EMAIL PROTECTED] Yahoo ID: ramboid_1997 -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Problems serving PDF to Netscape browsers
I would bet uit has to do with the way the PDF plugin intergares with netscape. Nows your netscape have an applicayion/pdf mapping in its mime type or a plug-in it recongises for the PDF? -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Jeff Larsen [mailto:[EMAIL PROTECTED]] Sent: Friday, 10 May 2002 07:33 To: Tomcat Users List Subject: Re: Problems serving PDF to Netscape browsers The content type header is correctly set to application/pdf. I even tested with a UNIX command line utility called webgrab which dumps the entire server response (including headers) to stdout. I can't find anything wrong with the server output. And yes, I tried it on another box to make sure it wasn't my system's fault. It's got to be something that the Netscape plugin doesn't like. I just uninstalled Acrobat and did my dynamic PDF page with all three browsers. Without Acrobat, they all just prompted me to save it as a file. All three files that I generated with each browser are identical!!! And once Acrobat was re-installed, they all opened just fine in the stand-alone Acrobat. Jeff - Original Message - From: Andy Eastham [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 09, 2002 4:20 PM Subject: RE: Problems serving PDF to Netscape browsers Jeff, Do you know that the correct mime type is being sent back to the browser? If there is no known mime type, I believe that IE makes guesses about what program to launch a file with based on its extension, but NS 4 doesn't seem to do this. If you haven't solved it yet, check the mime type being served, and check the associated programs for this mime type in Netscape. Otherwise, check the log file to see if the requests from IE and NS are different. Is one http 1.0 and http 1.1? Sorry if I'm not offering any solutions, but hopefully these are some additional routes for investigation. Andy -Original Message- From: Jeff Larsen [mailto:[EMAIL PROTECTED]] Sent: 09 May 2002 19:45 To: [EMAIL PROTECTED] Subject: Problems serving PDF to Netscape browsers I'm running out of hair to pull out here... My ultimate goal is to server dynamically generated PDF documents generated with iText. I've got it working just fine with MSIE. However, I was just getting blank pages with Netscape (and it wasn't even showing the toolbar for Acrobat). With NS6 I could at least see that it started an AcroRd32.exe process, but NS4 didn't even get that far. So, I did some tests to rule out some variables. I grabbed a handful of pre-generated PDF files and stuck them on my Apache 1.3.23 server. All browsers could display the PDFs just fine. Then I set up Tomcat 4.0.3 to server the same files directly without going through Apache. MSIE worked, but both NS browsers gave a blank page with no Acrobat plugin toolbar. Again NS6 managed to start an Acrobat process, NS4 didn't. My production environment is Apache 1.3.23 and Tomcat 4.0.3 connected with mod_jk. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: What does IMHO mean?
IMHO == In My Humble Opinion -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Darrin [mailto:[EMAIL PROTECTED]] Sent: Monday, 15 April 2002 09:34 To: Tomcat Users List Subject: Re: What does IMHO mean? LMAO (laughing my ass off) is what you probably are talking about (a lot of fonts its hard to distinguish between 1 (one) l (lowercase L), and i (lowercase I) [EMAIL PROTECTED] wrote: -Original Message- From: Robert Douglass [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 14, 2002 1:02 PM To: Tomcat Users List Subject: RE: What does IMHO mean? in my humble/honest opinion what I don't know is imao, which I also see. a = arrogant - tex -- To unsubscribe: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: tomcat with ssl
I have noticed that there is no SSL keystore specified in the factory... that will kill the SSL on startup, as it will try to laod SSL certificates it wants to use... regards TMC -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 03 April 2002 13:39 To: 'Tomcat Users List' Subject: RE: tomcat with ssl How are you trying to connect? What is the URL you are using? Is there anything in the logs? I assume you followed all the directions in the How-to? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 31, 2002 11:46 PM To: Tomcat Users List Subject: tomcat with ssl I am configuring Tomcat with ssl. my system is; jakarta-tomcat-4.0.1 jsse-1_0_2-gl j2sdk-1_3_1_03 I put jcert.jar jnet.jar jsse.jar in $JAVA_HOME/jre/lib/ext. My apache is OK with ssl, and also Tomcat without ssl. When I take away --- and -- from text below, !-- Connector className=org.apache.catalina.connector.http.HttpConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=false acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ /Connector -- Tomcat seems ok to bootup, But can not connect from web browser, just keeping timeout. Wnen I coment out the text below; !-- Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ -- Tomcat works, but not with SSL. Please someone help me? Akihiro -- To unsubscribe: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomact + apache + warp (mod_webapp) + SSL
Hi All UPS¡¡. I have spoken with Pier Fumagalli (http://nagoya.apache.org/~pier/): Apache2.0/Tomcat4.0 with mod_webapp and SSL are not fully implemented. SSL attributes can't be retrieval from servlet :-( To clarify: I am using Tomcat 4.0.2, apache 1.3.22, mod_warp, mod_ssl. What I want to do is to run an ssl session to the apache server on a particular IP/port, submit my servelt data and have the tomcat do the magic on it and spew data back out to the client. I am using apache because I know how to make it bind to a host:port and only accept some connections on that port. Error that I get when running apache with the SSL _on_ is: WebApp: Error 500 (File: pr_warp.c Line: 438) Invalid packet 68 It works fine when SSL is turned off. Running another instace of apache is not an option. I am not splitting my apache configs on a production machine. This should work out of the virtual server anyhow... Question is: Am I better off to run tomcat 4.0.2 natively with SSL on that host:port and a) How do I bind it to a specific host:port ONLY (I cannot afford to have it listening on all host for connections, I am running a multihomed (many ip's reside on this box) machine) b) How do I set up the SSL stuff? What format are the certs/keys in? Where do they live? Do all of them live is the same file? Will en existing PEM formated cert work? Can I adjust the Cipher lists? etc etc etc. Information is quite scarce. I have answers to the above for apache, apache + JServ also works. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Figuring out which Unix process is which
Other way is to use netstat -anp (the p poption tells you whaich PID has the port) -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -Original Message- From: Ralph Einfeldt [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 20 March 2002 19:36 To: Tomcat Users List Subject: AW: Figuring out which Unix process is which What we do, is to define a command line option that shows up at the beginning of the command string that identifies the site for which this vm is running. As we don't use tomcat, I can't tell you how to achieve this with tomcat. jserv.properties: wrapper.bin.parameters=-DName=sitename Another way to identify: look for a VM that connects to a given port. Under linux it lsof -i :port. Don't know how if lsof is part of the standard distribution for solaris. (Last time I've worked with that is over 3 years ago) -Ursprüngliche Nachricht- Von: Yoav Shapira [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 19. März 2002 21:52 An: [EMAIL PROTECTED] Betreff: Figuring out which Unix process is which snip/ We run multiple instance of tomcat using the same JAVA_HOME, so when we run a ps command (Solaris 2.8) we see a bunch of java processes, but can't tell which one is which instance of tomcat. Does anyone have any ideas to help this problem? snip/ -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tomact + apache + warp (mod_webapp) + SSL
Hi all Does any one have an idea how to make mod_webapp work properly with a apache mod_ssl vitual server? Here is the scenario: I have a web application that can run in either native tomcat or with apache as a fron end. I use mod webapp to provide a mapping of the application to the apache server (ala old style JServ) and then it talks to tomcat on port 8008. I was under the impression that this is how it works: apache gets a request for a mapped web application so that it looks like this: https://somehost/app?appdata on the client end, picks up the app-data and then shoves it down port 8008 on localhost (thats where the warp connector is told to go) and then returns the data to the client via SSL. SO it would look like this: client --- HTTPS --- Apache -- warp connection to locahost:8008 -- tomcat Is this possible or am I better of running native tomcat on port 443 and not bother with apache at all? regards Tomasz Ciolek -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]