how to download, install and configure

Mar 24, 2010 at 8:53 PM

How to download, install and configure your module to be used with apache/tomcat on linux?

 

Coordinator
Mar 25, 2010 at 10:02 PM

Hello,

You can download the file trunk-20022010.zip. To unzip, you can use jar.exe in the directory /bin of the JDK. In the zip, you have two zip. You unzip trunk-tcp-20022010.zip

jar.exe xf    and jar.exe xf trunk-tcp-20022010.zip. You can read the file configure.txt and the file Howto.txt in the directory /example

If you have a problem, I can help you.

Dominique Guerin

 

 

 

 

 

Mar 25, 2010 at 11:05 PM
Hi, Doumeguerin,
The site says it supports unix. Do you imply it's only on windows?
thanks,
Michelle

On Thu, Mar 25, 2010 at 2:02 PM, doumeguerin <notifications@codeplex.com> wrote:

From: doumeguerin

Hello,

You can download the file trunk-20022010.zip. To unzip, you can use jar.exe in the directory /bin of the JDK. In the zip, you have two zip. You unzip trunk-tcp-20022010.zip

jar.exe xf    and jar.exe xf trunk-tcp-20022010.zip. You can read the file configure.txt and the file Howto.txt in the directory /example

If you have a problem, I can help you.

Dominique Guerin

 

 

 

 

 

Read the full discussion online.

To add a post to this discussion, reply to this email (tomcatspnego@discussions.codeplex.com)

To start a new discussion for this project, email tomcatspnego@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


Mar 25, 2010 at 11:48 PM

Is the code based on samba? jcifs?

Mar 26, 2010 at 12:10 AM

What's the role of negoserver? It's not something required in standard ntlm. Could you point to a document explaining the architecture of your system?

Looks like the tomcat on unix won't work by itself without the help of negoserver.

Coordinator
Mar 26, 2010 at 6:05 PM

Hello,

Before developing this solution, I tested jcifs, but it does not use Kerberos and NTLMv2.

If the server sends a header WWW_Authenticate Ngotiate, IE (or Firefox) uses SPNEGO with the Web server. In Java, with jdk6 or openjdk6, it is possible to use SPNEGO with GSS-API. Thus, before using SSPI and a DLL, I developed a solution with JDK6 and GSS-API, so without native code. But the setup was not simple, we cannot use groups defined in Active Directory and we cannot use NTLM. However, if the browser is on the same server as Tomcat, IE and Firefox do not use Kerberos. So it was a problem for programmers.

So I decided to use SSPI and native code. The configuration is very simple. Of course, there was a problem with Unix. It is nevertheless possible to use S4U2Self for a token identity of a user and its groups, without giving a password. But to get it, I would be on Windows 2003 at least and I had to write a service to do this and use TCP between Tomcat and the service.

A priori, if you use tomcat on unix and SPNEGO or NTLM, you have Active Direcry and some windows servers. So you can install somewhere a windows service. If I have to write a Windows service, why not write the native code used in the DLL as a Windows service?

In dotnet, a user can use the class NegotiateStream that uses SPNEGO to perform authentication. So I developed the service with NegotiateStream because it was easier to maintain.

 Dominique

 

Coordinator
Mar 27, 2010 at 2:32 AM
Edited Mar 27, 2010 at 5:22 AM

Hello,

I wrote this module for my organization (Institut National de la Statistique et des Etudes Economiques). I have an old documentation ( 2008) to explain SSPI, NTLM, Kerberos, the parameters of the version with GSS-API, why I wrote the solution with the DLL and SSPI. 

The documentation has some limits :

1)It is old : in 2008, Negoserver does not exist, but you can open the file negoserver.chm.

2)If you read the file, you could think that the configuration is not simple, but you have not to understand SSPI or GSS-API to use NegoServer or the DLL.

3)It is in french.

I can send you the pdf. If you can read a french document, you could tell me if it is interresting.

Dominique