https://bz.apache.org/bugzilla/show_bug.cgi?id=65302

--- Comment #7 from Michael Osipov <micha...@apache.org> ---
(In reply to Mike Millson from comment #6)
> (In reply to Michael Osipov from comment #1)
> > The only SASL mech supporting this is GSSAPI and you can
> > request GSS-API to completely encrypt your traffic with Kerberos
> > (auth-conf), no TLS necessary.
> 
> Do you have an example of a configuration that does this that I could
> propose as an alternative?

Yes, see my DirContextSource [1] which I have been using for the last eight years.
Works perfectly in Tomcat also.
In production:
<Resource name="gc/ad.example.com"
        type="net.sf.michaelo.dirctxsrc.DirContextSource"
        factory="net.sf.michaelo.dirctxsrc.DirContextSourceFactory"
        urls="ldap://ad.example.com:3268"
        auth="gssapi" loginEntryName="tomcat-initiate" referral="ignore"
        qop="auth-conf"
        additionalProperties="com.sun.jndi.ldap.connect.timeout=1000;com.sun.jndi.ldap.read.timeout=1000"
/>

In the world's largest forest.


[1] http://dirctxsrc.sourceforge.net/dircontextsourcefactory.html
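
A check that can be run over a context.xml to confirm each LDAP resource really gets the protection discussed in the comment above. This is an added example, not part of the original mail or of the DirContextSource project. It assumes `qop` may hold a comma-separated preference list (as the JNDI `javax.security.sasl.qop` property does) and `urls` a whitespace-separated list; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; resource names and hosts are invented for this example.
SAMPLE_CONTEXT = """\
<Context>
  <Resource name="gc/sealed" auth="gssapi" qop="auth-conf"
            urls="ldap://ad.example.com:3268"/>
  <Resource name="gc/fallback" auth="gssapi" qop="auth-conf,auth"
            urls="ldap://ad.example.com:3268"/>
  <Resource name="gc/signed" auth="gssapi" qop="auth-int"
            urls="ldap://ad.example.com:3268"/>
  <Resource name="gc/simple" auth="simple" qop="auth-conf"
            urls="ldap://ad.example.com:389"/>
  <Resource name="gc/tls" auth="simple"
            urls="ldaps://ad.example.com:3269"/>
  <Resource name="gc/mixed" auth="simple"
            urls="ldaps://a.example.com:636 ldap://b.example.com:389"/>
</Context>
"""

def classify(res):
    """Return the wire-protection verdict for one <Resource> element."""
    urls = res.get("urls", "").split()
    auth = res.get("auth", "").lower()
    # Assumption: qop may be a comma-separated preference list.
    qops = [q.strip().lower() for q in res.get("qop", "").split(",") if q.strip()]
    if urls and all(u.lower().startswith("ldaps://") for u in urls):
        return "tls"
    if auth != "gssapi":
        return "cleartext"          # only GSSAPI, the mechanism named above, is credited
    if qops == ["auth-conf"]:
        return "sealed"             # Kerberos-encrypted, no TLS needed
    if "auth-conf" in qops:
        return "downgradable"       # peer may settle on a weaker listed level
    if qops == ["auth-int"]:
        return "integrity-only"     # signed but readable on the wire
    return "cleartext"              # SASL default qop is "auth"

def audit(xml_text):
    root = ET.fromstring(xml_text)
    return {r.get("name"): classify(r) for r in root.iter("Resource")}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONTEXT).items():
        print(f"{name:12} {verdict}")
```

Anything other than `tls` or `sealed` means directory traffic for that resource can be read on the network path.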
