Rainer Jung-3 wrote: > > > What about using a different connector to use the manager webapp? It > wouldn't be to uncommon to let customer traffic in via the AJP > connector, and local admin traffic via the/an http connector. Since that > one wouldn't have the tomcatAuthentication="false", it should rely on > the defined Realm. > >
This opens up other problems that we do not wish to deal with. The Apache instance in question is on the local machine, so we would have to use a non-standard port, which will require getting that approved by the security team. Also, with the number of servers we plan of deploying with this architecture, this would become an administrative problem. Having the authentication infrastructure we are building pass the username from Apache to Tomcat makes this worlds easier, so we will not have to have a separate infrastructure for updating the Tomcat manager passwords. When you are talking about a dozen plus servers with a half dozen to a dozen Tomcat containers each, with both operational staff and separate development staff for each container needing access to the manager, managing passwords becomes challenging. Dracus -- View this message in context: http://www.nabble.com/Disable-password-checking-for-Manager-app-tp18537331p18577434.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]