× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. April 2004

RE: Websphere authenticating to a remote as/400 and Envoy

Thanks David. How does Kerberos differ from SSL?

-----Original Message-----
From: David Morris [mailto:David.Morris@xxxxxxxxxxxxx] 
Sent: Tuesday, April 20, 2004 3:09 PM
To: java400-l@xxxxxxxxxxxx
Subject: RE: Websphere authenticating to a remote as/400 and Envoy

Todd,

I can't tell you how you would do this with WebSphere, but with Tomcat
you would create a Realm. There are three or four that come with Tomcat
and they are pretty easy to create. The realm receives the user
principle which gives you the information they keyed into the security
challenge in a browser. If you use Basic the password comes through
clear, if you use Digest it will be an MD5 digest of the password. You
are free to use that information to check against anything you want. To
authenticate against an iSeries profile, I you will probably need the
clear text password -- this is dangerous and hard to secure. 

If you are running on another box, you limit how you can authenticate
and generally have clear text passwords somewhere or kerberos. With
kerberos you can get around this using the SPNEGO protocol to talk to
the browser. There is at least one commercial application that
implements SPNEGO but the only free option I know of is Apache.

David Morris

>>> tbryant@xxxxxxxxxxxxxxxxxxxxxxx 4/20/2004 12:31:08 PM >>>
I see. So, just so I completely clear, they are not authenticating
against
400 profiles, they are using bsd user accounts, in the case of the one
running FreeBSD? That makes sense. I was wondering how one would get
past
this limitation. 



-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, April 20, 2004 1:36 PM
To: 'Java Programming on and around the iSeries / AS400'
Subject: RE: Websphere authenticating to a remote as/400 and Envoy

> From: Todd Bryant
> 
> We currently have Envoy running on the 400 using WAS 5.1. We are
thinking
> about moving Websphere off the 400 and onto another box. Also, it
would be
> nice to be able to run a test environment in WSAD and have it work.
The
> problem I am having is that I cannot figure out a way to have
websphere
> authenticate with a remote machine if you set up an application with
BASIC
> or FORM authentication. As far as I can tell it will only try and
> authenticate with the local system. From what I understand this
should
be
> possible. Anyone have any suggestions?

Todd, as far as I know a web application server will only authenticate
against the box it is running on.  We've got two other PSC/400
installations doing just that: one is running Tomcat on a FreeBSD
machine, while ITT Aerospace is running WebSphere on one iSeries and
the
applications on another.

Joe

_______________________________________________
This is the Java Programming on and around the iSeries / AS400 (JAVA400-L)
mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.