Doesn't look like there's a simple solution. You can get an LDAP adapter for RACF which should make it fairly easy to plug in a JAAS adapter. There's the CAS project (http://www.ja-sig.org/products/cas/), which provides enterprise-level single-sign-on, you can connect to that via Acegi Security (http://acegisecurity.sourceforge.net/). IBM makes a product called WebSeal, don't know if you have money to spend on this or not (they also make the LDAP RACF adapter).
I'd recommend getting the LDAP RACF adapter (no idea of cost) and configuring a PAM for JAAS. That's probably the easiest way. If you want to tackle a big project, bring in CAS and make it your enterprise standard. I think you'll still need the LDAP adapter, though, I didn't see a native CAS to RACF bridge. I also hear lots of good things about Acegi Security, but I've never used it myself. Worth a look, though. Good luck! --- Tracy Nelson / Nelnet Business Solutions 402 / 617-9449 ________________________________ From: Kevin Mullin [mailto:[EMAIL PROTECTED] Sent: Friday, 29 September, 2006 11:21 To: users@tomcat.apache.org Subject: Tomcat User Authentication Tomcat comes with a file, tomcat-users.xml, which is used for user authentication and to determine what they can access. We have our own userid authentication process on our IBM mainframe computers which uses something called RACF. Is there a way to get Tomcat to use this processs to determine proper userid and password authentication, in addition to using its own tomcat-users.xml to determine what the individual is capable of doing? Kevin Mullin Sr. Analyst IBM Corporation (206) 345-7068 [EMAIL PROTECTED] <http://www.ibm.com/ibm/values/>