https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #42 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 08:41:22
EDT ---
Mark,
I just compiled and deployed 7.0.12-dev to our test server. It works but fails
at some point.
The default server.xml is configured with:
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
The Authentication fails at: UserDatabaseRealm line 215 because the use cannot
be found in the database.
I think there is a huge misconception from your point of view. Kerberos is not
something which simply passes credentials to a realm. Kerberos IS THE REALM.
You cannot and should not pass that username to any other realm but to an
authorizing realm. In this case the user cannot be authenticated and gets
locked out. The way it is coded right now won't work.
Kerberos sole purpose is to indentify the user properly and this works
flawlessly in my Eclipse debug session and in Fiddler.
Mike
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
