Jacob,

Jacob Rhoden wrote:
> Jerome Benezech wrote:
>> In this case, which user would be authenticated in
>> LDAP? If the user connecting to LDAP is 'tomcat', the
>> issue remains, no?
>>   
> Not quite. You reconfigure tomcat to use LDAP to look up passwords,
> instead of reading a text file. LDAP is a server that listens on a port
> on a server. So the passwords are no longer stored and owned by the
> tomcat user, but by the LDAP server, which can have its own file
> permissions and so on.

I believe Jerome is correct... the problem is merely moved. We have this
discussion repeatedly on the list... how to authenticate without putting
a plaintext password anywhere. It's basically impossible. Somehow,
Tomcat has to authenticate itself to someone, so a password must be
somewhere.

The advantages to switching to LDAP (or RDBMS, or any other
authentication, really) are that you can hide all but one of the
passwords from snoopers on the local machine. You'll still need to have
a set of credentials available to Tomcat, though, and so the issue remains.

-chris

