"Craig R. McClanahan" wrote:
>
> * Support for two major modes of operation:
>
> * SYSTEM LOGIN. Realm implementation binds itself to the server using
> a system-level username/password, then reads the username and password
> attributes to perform authentication (analogous to how JDBCRealm
> works). Would also support the optional digesting functionality that
> JDBCRealm supports.
>
> * USER LOGIN. Realm implementation attempts to bind to the server
> using the username and password specified by the user. If this is
> successful, the user is considered to be authenticated, and the
> associated roles are looked up.
This is the way we do it, but it has the problem of not being able to be
used with digest authentication, since the input to the digest method
are different when done on the LDAP server, and when done by the http
client. (Ok, maybe a genious of an SASL expert could do it, but it would
require getting the nounce from the LDAP server, which would require
some modification to some tomcat classes.)
--
- Torgeir
