Author: markt Date: Sat Mar 26 16:45:26 2011 New Revision: 1085764 URL: http://svn.apache.org/viewvc?rev=1085764&view=rev Log: Add some Windows authentication notes to the docs
Added: tomcat/trunk/webapps/docs/windows-auth-howto.xml (with props) Modified: tomcat/trunk/webapps/docs/project.xml Modified: tomcat/trunk/webapps/docs/project.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/project.xml?rev=1085764&r1=1085763&r2=1085764&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/project.xml (original) +++ tomcat/trunk/webapps/docs/project.xml Sat Mar 26 16:45:26 2011 @@ -67,6 +67,9 @@ <item name="27) Mavenized" href="maven-jars.html"/> <item name="28) Security Considerations" href="security-howto.html"/> + <item name="29) Windows Service" href="windows-service-howto.html"/> + <item name="30) Windows Authentication" + href="windows-auth-howto.html"/> </menu> <menu name="Reference"> Added: tomcat/trunk/webapps/docs/windows-auth-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1085764&view=auto ============================================================================== --- tomcat/trunk/webapps/docs/windows-auth-howto.xml (added) +++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Sat Mar 26 16:45:26 2011 @@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE document [ + <!ENTITY project SYSTEM "project.xml"> +]> +<document url="windows-auth-howto.html"> + + &project; + + <properties> + <title>Windows Authentication How-To</title> + </properties> + +<body> + +<section name="Table of Contents"> +<toc/> +</section> + +<section name="Overview"> +<p>Integrated Windows authentication is most frequently used within intranet +environments since it requires that the server performing the authentication and +the user being authentication are part of the same domain. For the user to be +authenticated automatically, the client machine used by the user must also be +part of the domain.</p> +<p>There are several options for implementing integrated Windows authentication +with Apache Tomcat. They are: +<ul> +<li>Built-in Tomcat support (work in progress, not yet available).</li> +<li>Use a third party library such as Waffle.</li> +<li>Use a reverse proxy that supports Windows authentication to perform the +authentication step such as IIS or httpd.</li> +</ul> +The configuration of each of these options is discussed in the following +sections.</p> +</section> + +<section name="Built-in Tomcat support"> +<p>TBD.</p> +</section> + +<section name="Third party libraries"> + + <subsection name="Waffle"> + <p>Full details of this solution can be found on the + <a href="http://waffle.codeplex.com/";>Waffle site</a>. The edited highlights + are: + <ul> + <li>Drop-in solution</li> + <li>Simple configuration (no JAAS or Kerberos keytab configuration required) + </li> + </ul> + </p> + </subsection> + +</section> + +<section name="Reverse proxies"> + + <subsection name="Microsoft IIS"> + <p>There are three steps to configuring IIS to provide Windows authentication. + They are: + <ol> + <li>Configure IIS as a reverse proxy for Tomcat (see the + <a href="http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html";> + IIS Web Server How-To)</a>.</li> + <li>Configure IIS to use Windows authentication</li> + <li>Configure Tomcat to use the authentication user information from IIS by + setting the tomcatAuthentication attribute on the <a href="config/ajp.html"> + AJP connector</a> to <code>false</code>.</li> + </ol> + </p> + </subsection> + + <subsection name="Apache httpd"> + <p>Apache httpd does not support Windows authentication out of the box but + there are a number of third-party modules that can be used. These include: + <ol> + <li><a href="http://sourceforge.net/projects/mod-auth-sspi/";>mod_auth_sspi</a> + for use on Windows platforms</li> + <li><a href="http://modntlm.sourceforge.net/";>mod_ntlm</a> for non-Windows + platforms (NTLM v1 only)</li> + <li><a href="http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind";> + mod_auth_ntlm_winbind</a> for non-Windows platforms (NTLM v2)</li> + </ol> + There are three steps to configuring httpd to provide Windows + authentication. They are: + <ol> + <li>Configure httpd as a reverse proxy for Tomcat (see the + <a href="http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html";> + Apache httpd Web Server How-To)</a>.</li> + <li>Configure httpd to use Windows authentication</li> + <li>Configure Tomcat to use the authentication user information from httpd by + setting the tomcatAuthentication attribute on the <a href="config/ajp.html"> + AJP connector</a> to <code>false</code>.</li> + </ol> + </p> + </subsection> + +</section> + +</body> +</document> Propchange: tomcat/trunk/webapps/docs/windows-auth-howto.xml ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org