I would like to use NTLM authentication with Tomcat so that Iexplorer send automatically both the user id+pwd to webapp. Is this possible?
With "BASIC" authentication IE pops up the usual pwd dialog but I want to skip this dialog. ( Note, I use JNDIReal/ldap)
Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.
The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.
Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
you should check http://www.ioplex.com/jespa.html, which is not free...
If you use IIS for the authentication and then redirect the requests to Tomcat (through the Isapi Connector), how are you going to get the user name in the java application? That info is in the request header, but it is encrypted in the NTLM attribute... Any ideas?
Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).