DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41318>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41318 Summary: JK Status Worker Security User Case Problem in Windows Product: Tomcat 5 Version: Unknown Platform: PC OS/Version: Windows Server 2003 Status: NEW Severity: normal Priority: P2 Component: Native:JK AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] First, thank you for implementing security in JK. I know it was possible to secure it before in Apache, but in IIS, JK is run before the NTFS-Rights apply. So this is a long awaited feature. But seeing that this mainly applies to non-apache environments, it is bad that the user check done case sensitive.In IIS, especially when working with domain Users, User may com in UCase/LCase Domain\User in any combination. Even Cast differences in the Username (i.e. First letter capital or not) occour. Windows does not care, but JK does. So one can auth against IIS, but still be blocked from JK, even with the right user. In the moment we workaround this with trying to put any combination in the properties-file. But this is a hopeless fight. I understand that you might not be able to simply LCase the username because that would lose some compatibility to the unix side. But maybe you can introduce a parameter like "worker.jk-manage.casesensitive=True|False" ? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
