DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3847>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3847 Apache authorization headers not passed through to servlet Summary: Apache authorization headers not passed through to servlet Product: Tomcat 3 Version: 3.3 Release Candidate 1 Platform: Other OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have a web app where access is managed by Apache using mod_ntlm. The servlet uses the req.getRemoteUser() method to determine who is logged in. This has worked fine with ApacheJServ and all TC3.3s to now (using ajp13 only - ajp12 also had this problem) When I installed TC3.3rc1 this broke. Apache is still authenticating the user and the authorization header is being passed through (useless since it is encrypted) but the req.getRemoteUser() method returns nothing. FYI the spec says getRemoteUser is to return the user name "that the client authenticated with". It doesn't say that "the client authenticated with the servlet container with". By way of clarifiction the servlet 2.3 api docs say: "same as the value of the cgi variable REMOTE_USER"
