[33343] in Kerberos
Re: IIS, Tomcat & Kerberos
daemon@ATHENA.MIT.EDU (Danny Mayer)
Fri Apr 22 15:50:52 2011
Message-ID: <4DB0F2ED.70804@gis.net>
Date: Thu, 21 Apr 2011 23:15:57 -0400
From: Danny Mayer <mayer@gis.net>
MIME-Version: 1.0
To: dirweis <dirweis@web.de>
In-Reply-To: <31440266.post@talk.nabble.com>
X-SA-Exim-Rcpt-To: dirweis@web.de, kerberos@mit.edu
X-SA-Exim-Mail-From: mayer@gis.net
Cc: kerberos@mit.edu
Reply-To: mayer@gis.net
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 4/20/2011 7:03 AM, dirweis wrote:
>
> Hi,
>
> I'm trying to use the Kerberos authentication on IIS for reading out the
> user's name.
>
> To make it even more complicated: I let a Tomcat run via IIS 6.0 on which a
> minimalistic servlet is running that does nothing but printing the user's
> name:
>
> out.print("Logged in as: " + request.getRemoteUser());
>
> Tomcat's already running fine via the IIS (port 8080 is no longer needed in
> the URL :-)
>
This makes no sense. Tomcat has nothing to do with IIS. It needs to do
it's own Kerberos authentication.
I've used Waffle to successfully authenticate a user. The above code is
not written in Java which is what it would need to be if you were doing
it from a Servlet. You need to use getUserPrincipal() from the
authentication object. The code looks something like this:
java.security.Principal principal = httpreq.getUserPrincipal();
if (principal != null)
userID = principal.getName();
where httpreq is an object of the class
javax.servlet.http.HttpServletRequest.
> For a simple testing my Windows 2003 server is all in one: Active Directory
> Domain Controller / DNS, IIS server, Tomcat server and client.
>
> For using Kerberos the following steps have been done:
>
> - Kerberos Network Identity Manager is running
>
> - I followed the howto on http://support.microsoft.com/kb/215383, section
> IIS 6.0
>
> - IIS Default Web Site security runs with disabled anonymous access and with
> checked option 'Integrated Windows authentication'
>
> Can you tell me what else is needed?
>
> Many thanks in advance for helpful answers!
>
> Cheers, Dirk
If the question is about IIS, ask Microsoft. If it's about Tomcat, see
above. They are not related. Each server needs to do it's own
authentication.
Danny
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
