n has access to / every role he has.
>
> cheers
> dB.
>
>
>
> dB. @ dblock.org
> Moscow|Geneva|Seattle|New York
>
>
> -Original Message-
> From: geofrey rainey [mailto:geofr...@gmail.com]
> Sent: Tuesday, June 01, 2010 10:13 PM
> To: Tomcat Users List
e|New York
>
>
> -Original Message-
> From: geofrey rainey [mailto:geofr...@gmail.com]
> Sent: Tuesday, June 01, 2010 10:13 PM
> To: Tomcat Users List
> Subject: Re: JAAS Realm Authentication with Kerberos
>
> Right, so let me get this straight; Presently the Kerbe
10:13 PM
To: Tomcat Users List
Subject: Re: JAAS Realm Authentication with Kerberos
Right, so let me get this straight; Presently the KerberosLoginModule saves
the role information (defined as u...@realm) as a Principal which is then
compared against the literal string defined in web.xml. So what
Right, so let me get this straight; Presently the KerberosLoginModule saves
the role information (defined as u...@realm) as a Principal which is then
compared against the literal string defined in web.xml. So what you're
suggesting is modify the KerberosLoginModule so that, essentially, the
credent
If you look at the KerberosLoginModule code, it wants to be modified to
retrieve roles from somewhere in your system. For example a user database that
says that u...@realm is "manager". Then you can say ...
manager in web.xml rather than u...@realm. Listing individual users clearly
isn't prac