Author: markt
Date: Sat Mar 26 16:45:26 2011
New Revision: 1085764

URL: http://svn.apache.org/viewvc?rev=1085764&view=rev
Log:
Add some Windows authentication notes to the docs
Added:
    tomcat/trunk/webapps/docs/windows-auth-howto.xml   (with props)
Modified:
    tomcat/trunk/webapps/docs/project.xml

Modified: tomcat/trunk/webapps/docs/project.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/project.xml?rev=1085764&r1=1085763&r2=1085764&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/project.xml (original)
+++ tomcat/trunk/webapps/docs/project.xml Sat Mar 26 16:45:26 2011
@@ -67,6 +67,9 @@
         <item name="27) Mavenized"          href="maven-jars.html"/>
         <item name="28) Security Considerations"
               href="security-howto.html"/>
+        <item name="29) Windows Service"    href="windows-service-howto.html"/>
+        <item name="30) Windows Authentication"   
+              href="windows-auth-howto.html"/>
     </menu>
 
     <menu name="Reference">

Added: tomcat/trunk/webapps/docs/windows-auth-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1085764&view=auto
==============================================================================
--- tomcat/trunk/webapps/docs/windows-auth-howto.xml (added)
+++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Sat Mar 26 16:45:26 2011
@@ -0,0 +1,118 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE document [
+  <!ENTITY project SYSTEM "project.xml">
+]>
+<document url="windows-auth-howto.html">
+
+    &project;
+
+    <properties>
+      <title>Windows Authentication How-To</title>
+    </properties>
+
+<body>
+
+<section name="Table of Contents">
+<toc/>
+</section>
+
+<section name="Overview">
+<p>Integrated Windows authentication is most frequently used within intranet
+environments since it requires that the server performing the authentication 
and
+the user being authentication are part of the same domain. For the user to be
+authenticated automatically, the client machine used by the user must also be
+part of the domain.</p>
+<p>There are several options for implementing integrated Windows authentication
+with Apache Tomcat. They are:
+<ul>
+<li>Built-in Tomcat support (work in progress, not yet available).</li>
+<li>Use a third party library such as Waffle.</li>
+<li>Use a reverse proxy that supports Windows authentication to perform the
+authentication step such as IIS or httpd.</li>
+</ul>
+The configuration of each of these options is discussed in the following
+sections.</p>
+</section>
+
+<section name="Built-in Tomcat support">
+<p>TBD.</p>
+</section>
+
+<section name="Third party libraries">
+
+  <subsection name="Waffle">
+  <p>Full details of this solution can be found on the
+  <a href="http://waffle.codeplex.com/";>Waffle site</a>. The edited highlights
+  are:
+  <ul>
+  <li>Drop-in solution</li>
+  <li>Simple configuration (no JAAS or Kerberos keytab configuration required)
+  </li>
+  </ul>
+  </p>
+  </subsection>
+
+</section>
+
+<section name="Reverse proxies">
+
+  <subsection name="Microsoft IIS">
+  <p>There are three steps to configuring IIS to provide Windows 
authentication.
+  They are:
+  <ol>
+  <li>Configure IIS as a reverse proxy for Tomcat (see the
+  <a href="http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html";>
+  IIS Web Server How-To)</a>.</li>
+  <li>Configure IIS to use Windows authentication</li>
+  <li>Configure Tomcat to use the authentication user information from IIS by
+  setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
+  AJP connector</a> to <code>false</code>.</li>
+  </ol>
+  </p>
+  </subsection>
+
+  <subsection name="Apache httpd">
+  <p>Apache httpd does not support Windows authentication out of the box but
+  there are a number of third-party modules that can be used. These include:
+  <ol>
+  <li><a 
href="http://sourceforge.net/projects/mod-auth-sspi/";>mod_auth_sspi</a>
+  for use on Windows platforms</li>
+  <li><a href="http://modntlm.sourceforge.net/";>mod_ntlm</a> for non-Windows
+  platforms (NTLM v1 only)</li>
+  <li><a 
href="http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind";>
+  mod_auth_ntlm_winbind</a> for non-Windows platforms (NTLM v2)</li> 
+  </ol>
+  There are three steps to configuring httpd to provide Windows
+  authentication. They are:
+  <ol>
+  <li>Configure httpd as a reverse proxy for Tomcat (see the
+  <a 
href="http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html";>
+  Apache httpd Web Server How-To)</a>.</li>
+  <li>Configure httpd to use Windows authentication</li>
+  <li>Configure Tomcat to use the authentication user information from httpd by
+  setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
+  AJP connector</a> to <code>false</code>.</li>
+  </ol>
+  </p>
+  </subsection>
+
+</section>
+
+</body>
+</document> 

Propchange: tomcat/trunk/webapps/docs/windows-auth-howto.xml
------------------------------------------------------------------------------
    svn:eol-style = native



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to