What database are you using?

SQL Server 2005 and later allows you to use windows password policy and 
password expiration.  You can enable that when you create your sql login.  You 
create your windows password policy outside of Tomcat in active directory.

However, as David pointed out to you in your other thread, you have write your 
own code to catch sql exceptions when user logs in with expired, inactive, etc. 
passwords.
 
Leo

-----Original Message-----
From: Stéphanie Cettou [mailto:s.cet...@gmail.com] 
Sent: Wednesday, March 31, 2010 8:25 AM
To: Tomcat Users List
Subject: Re: Windows Local user Login

I am confusing...

I have a JSP application and tomcat 5.5.

my goal it to implement a login for this application with this mandatory rules:

- Check type of password (more that 8 char, special char,...)
- Ask new password every month (from the web site)
- Block the user after 3 failed login
- Block inactive user (ex after 90 days)

and not Mandatory:
- Single-Sing-On for some users
- Add/modify/delete user from web site
- Get more roles at an user (my Java code is ready for a JDBCRealm
login) * read/modify pages and objects


The user must can connect from more pc, the finally application is in a Windows 
2003 server.
I don't know if I can use active directory (create a new active directory only 
for this application = install a new server), or others things...
I don't know if I need to implement this in java, or a existing solution is 
ready...

I don't have a lot of knowledge in active directory, tomcat, NTLM or Kerberos, 
....

I need to be sure to choise the good solution for all point of my goal while I 
can't spent a lot of time, and I can't change my solution later...

can you give me more informations, please? I don't have enough knowledge to 
choise the the simplest and best solution now...

thank you

Stéphanie



2010/3/31 Christopher Schultz <ch...@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Stéphanie,
>
> On 3/31/2010 10:08 AM, Stéphanie Cettou wrote:
>> it is possible to do a windows authentication using local window xp 
>> users and Tomcat?
>
> Do you happen to be using ActiveDirectory?
>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> for Active directory users.
>>
>> It is possible to use the local windows users? If yes, how?
>
> Try googling for "tomcat windows authentication": there's some stuff 
> out there. A couple of things I found before I decided I was 
> getting-in over my head (are you using NTLM or Kerberos, etc.?), I found 
> these:
>
> http://spnego.sourceforge.net/
> http://wiki.apache.org/tomcat/FAQ/Windows#Q4
>
> I'm sure there are others.
>
> Another possibility (I suspect, though I don't know) is to use IIS out 
> in front of Tomcat, and have IIS perform the local authentication for 
> you, then pass that information through to Tomcat using AJP. This 
> might be an easier path for you to follow.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkuzW74ACgkQ9CaO5/Lv0PCWjgCghZXSFIO8/W/vrYJRdJ8JFJ9n
> O/cAnjZaOXhzbp/06cHf6NReLYW/9VOB
> =NQ3t
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to