I am confusing... I have a JSP application and tomcat 5.5.
my goal it to implement a login for this application with this mandatory rules: - Check type of password (more that 8 char, special char,...) - Ask new password every month (from the web site) - Block the user after 3 failed login - Block inactive user (ex after 90 days) and not Mandatory: - Single-Sing-On for some users - Add/modify/delete user from web site - Get more roles at an user (my Java code is ready for a JDBCRealm login) * read/modify pages and objects The user must can connect from more pc, the finally application is in a Windows 2003 server. I don't know if I can use active directory (create a new active directory only for this application = install a new server), or others things... I don't know if I need to implement this in java, or a existing solution is ready... I don't have a lot of knowledge in active directory, tomcat, NTLM or Kerberos, .... I need to be sure to choise the good solution for all point of my goal while I can't spent a lot of time, and I can't change my solution later... can you give me more informations, please? I don't have enough knowledge to choise the the simplest and best solution now... thank you Stéphanie 2010/3/31 Christopher Schultz <ch...@christopherschultz.net>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Stéphanie, > > On 3/31/2010 10:08 AM, Stéphanie Cettou wrote: >> it is possible to do a windows authentication using local window xp >> users and Tomcat? > > Do you happen to be using ActiveDirectory? > >> <Realm className="org.apache.catalina.realm.JNDIRealm" >> for Active directory users. >> >> It is possible to use the local windows users? If yes, how? > > Try googling for "tomcat windows authentication": there's some stuff out > there. A couple of things I found before I decided I was getting-in over > my head (are you using NTLM or Kerberos, etc.?), I found these: > > http://spnego.sourceforge.net/ > http://wiki.apache.org/tomcat/FAQ/Windows#Q4 > > I'm sure there are others. > > Another possibility (I suspect, though I don't know) is to use IIS out > in front of Tomcat, and have IIS perform the local authentication for > you, then pass that information through to Tomcat using AJP. This might > be an easier path for you to follow. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkuzW74ACgkQ9CaO5/Lv0PCWjgCghZXSFIO8/W/vrYJRdJ8JFJ9n > O/cAnjZaOXhzbp/06cHf6NReLYW/9VOB > =NQ3t > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org