Re: Disable password checking for Manager app
Rainer Jung-3 wrote:

> What about using a different connector to use the manager webapp? It wouldn't be too uncommon to let customer traffic in via the AJP connector, and local admin traffic via the/an http connector. Since that one wouldn't have the tomcatAuthentication=false, it should rely on the defined Realm.

This opens up other problems that we do not wish to deal with. The Apache instance in question is on the local machine, so we would have to use a non-standard port, which will require getting that approved by the security team. Also, with the number of servers we plan on deploying with this architecture, this would become an administrative problem.

Having the authentication infrastructure we are building pass the username from Apache to Tomcat makes this worlds easier, so we will not have to have a separate infrastructure for updating the Tomcat manager passwords. When you are talking about a dozen plus servers with a half dozen to a dozen Tomcat containers each, with both operational staff and separate development staff for each container needing access to the manager, managing passwords becomes challenging.

Dracus

--
View this message in context: http://www.nabble.com/Disable-password-checking-for-Manager-app-tp18537331p18577434.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Disable password checking for Manager app
Greetings, all,

I have a web app server that has Apache in front of Tomcat. Apache is handling user authentication and security checking (through an experimental X.509 - Kerberos gateway service being developed by others in my group, but that is neither here nor there), and passes the username (as either REMOTE_USER or Shib-InetOrgPerson-mail) to Tomcat. To get that to work, we had to include the 'request.tomcatAuthentication=false' directive in the AJP block of server.xml.

Unfortunately, this kills the Tomcat manager, as it will no longer allow us to log into it. We use it extensively to deploy new versions of our web apps, etc. I have tried putting my authenticated username into tomcat-users.xml as a user with the manager role, and it still does not allow me to use the manager, with error 403: Access to the requested resource has been denied. I checked the tomcat-users.xml file, and it has added a password entry (password=null) to my user definition.

So what I want to know is, can I get Tomcat to accept the username passed in from Apache without a password (the only connection allowed into Tomcat is AJP) so that I can put the users allowed to access the manager app into tomcat-users.xml, and let Apache do all of the authentication?

Any pointers would be greatly appreciated, thanks in advance.

JDK 1.6.0
Tomcat 5.5.23
mod-jk 1.2.21
http 2.2.4
RHEL 5
shibboleth sp 1.3.1

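An added example, not part of the original post and not Tomcat's own code: with tomcatAuthentication=false, Tomcat accepts whatever username the AJP peer sends, so the setup above is only as strong as the restriction on who can reach the AJP port. This sketch lists the AJP connectors in a server.xml that trust the front end and shows how each is bound; the sample XML is constructed, and it assumes the Tomcat 5.5 behaviour that a Connector without an address attribute listens on all interfaces.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample for illustration; not the poster's server.xml.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" tomcatAuthentication="false"/>
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               tomcatAuthentication="false"/>
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (port, exposure) for every AJP connector that accepts the
    username asserted by the front-end web server."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Connectors default to HTTP/1.1 when no protocol is given.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        # tomcatAuthentication defaults to true (Tomcat authenticates itself).
        if conn.get("tomcatAuthentication", "true").strip().lower() != "false":
            continue
        address = conn.get("address")
        if address is None:
            exposure = "all-interfaces"   # assumption: Tomcat 5.5 default bind
        elif address in LOOPBACK:
            exposure = "loopback"         # local processes can still connect
        else:
            exposure = "non-loopback"     # needs a firewall rule for the front end
        findings.append((conn.get("port"), exposure))
    return findings

if __name__ == "__main__":
    for port, exposure in audit_connectors(SAMPLE_SERVER_XML):
        print(f"AJP port {port} trusts the front end's username; bind: {exposure}")
```

Any connector reported as all-interfaces or non-loopback needs a host firewall or network rule that admits only the Apache front end.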
Having both Manager and non-default webapps as root
Greetings, all,

I am setting up a Tomcat server for the developers I work with, and am having a problem getting the config to work the way they requested. They want their own custom webapp to be the default webapp, and have the manager available to allow deploying new versions of their webapp, stopping and starting it, etc.

I am setting the webapp to be the default webapp by adding this block to the server.xml file:

    <Host name="ourapp.mit.edu" appBase="">
      <Context path="" docBase="webapps/ourapp">
      </Context>
    </Host>

And this kills the manager dead. I cannot figure out what I need to do to bring the manager back so we can use it.

Any pointers would be greatly appreciated. Thank you for your time.