I have a standalone Tomcat 5.0 instance, and a third-party webapp that has support for authentication via LDAP. Of course, we don't have LDAP, we have Kerberos. It should be a simple matter to plug in a different Realm, right?

I'm finding it hard to believe that no one has done this (Tomcat authentication with Kerberos) yet, but Google just isn't turning up anything.

I started at the Realm HowTo [0] and found the JAASRealm section.

From here it looks like I need to write my own LoginModule. Except... there is com.sun.security.auth.module.Krb5LoginModule [1]. Can I just use that? (I thought we weren't supposed to use com.sun.* classes, but it's not as though I can write my *own* Kerberos LoginModule!)

After I (somehow) get the user authenticated with Kerberos, then I need to look in a [non-JDBC] database to get the Role information. For User and Role, it looks like I can extend AbstractUser and AbstractRole... but where does the code go that would create instances?

In short, I'm confused. Can anyone offer advice on what I need to do to make this work? Or better yet, point to someone who has already done it? Thanks in advance!

[0] http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
[1] http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html

--
Wendy Smoak


