Hi. Craig McQueen wrote: [...]I believe (only believe, not certain), that the Windows Domain method would work if your local domain and the global domain were in a "trust relationship" (Windows Domain term) with eachother. That is, the DC that you use for SSPI authentication acepts the id's from users in other trusted domains.
If that is not the case yet, it may be more than you want to chew though.The question is : apart from this particular service, do these external corporate users already use other Windows-based services in your network, for which they also need to authenticate ? If yes, there it might be worth investigating how that happens.
If the above works, then you may still have an issue removing/mangling the domain-name part of the id. But that can be solved with another layer.
Note : I am very interested in the matter, because I have a similar case to resolve. But until now I have done this only at the Tomcat level, using the JCIFS module from jcifs.samba.org. I have not yet tried out the SSPI module. That address jcifs.samba.org is a good one for all kinds of info about Windows NTLM authentication by the way.
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|