• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Login to Linux through Tomcat?

 
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am working on a JSP application running on Linux and Tomcat. My requirements are specifying that I don't use Tomcat security to login and/or placing the password in a flat file on the system. We are wanting to verify the user by trying to login to the Linux system using an account/password setup on the system. The reason for this is to allow the user the ability to change his/her password at a later date and later logins would allow the use of the new password.
Does anyone know of a way that I can do this? I want to pass the login information to the OS and attempt to login there. If it passes I will set a flag in the ServletContext to show that a successful login occurred and allow all other accessable web pages/JSPs to be displayed. If not an error screen would be displayed. OS login is also necessary because we plan to allow the user to configure the device via the web application. I realize that passwork incription will also be needed to hide the password from anyone monitoring the data being passed to the device.
Any help would be greatly appreciated.

Lon Allen
 
Saloon Keeper
Posts: 27863
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tomcat comes supplied with 4 different security realm implementations, only one of which is a flat (XML) file. The flat file is only really recommended for "quick-and-dirty" use anyway. More commonly used are the jdbc or JNDI realms.
A userid/password stored in a database can be validated in the JDBC realm, and updating the password is just as simple as any other sort of update.
On the other hand, if you are running a limited-access server and you're presently using JNDI to manage Linux accounts, you'd probably want to use that facility.
If you're REALLY ambitious, you can write your own custom realm class that invokes PAM, but if you want to provide a single signon for both Linux and Web, you should probably be using JNDI.
 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tim:
interesting .. of the 4 ways that tomcat can handle Login .
where i could get more information??

i was about to suggest that Apache got's the schema you were saing but i didn't know that tomcat could use those also .
grettings ..
 
reply
    Bookmark Topic Watch Topic
  • New Topic