Navigation:  System Requirements > Server-side Requirements > Application Server Middleware (Servlet Engine) > Apache Tomcat > Apache Tomcat Configuration >

Apache Tomcat Security Setting (Optional)

Previous pageReturn to chapter overviewNext page

If there is a security guideline that your network component communication is restricted for certain authentication methods, these methods have to be synchronized with Apache Tomcat.

 

Note: The parameter for the Tomcat security settings is just an optional parameter and only applies, if the complete environment follows a certain security guideline.

Note: If no LAN manager authentication level is set in your network or if LM, NTLM and NTLMv2 are not refused explicitly, you do not need to configure this setting.

 

Review your security setting of your GIS Server:

Execute secpol.msc, navigate to Security Settings > Local Policies > Security Options and double-click 'Network security: LAN Manager authentication level'.

 

Network security settings of GIS Server

Network security settings of GIS Server

 

Set the level in Java option of Tomcat configuration by adding:

-DARCGIS_LM_COMPATIBILITY_LEVEL=<value of the level chosen from this list below>

 

Value Meaning:

0: Clients use LM and NTLM authentication, but they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

1: Clients use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

2: Clients use only NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM, and NTLMv2 authentication.

3: Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

4: Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controller refuses LM authentication responses, but it accepts NTLM and NTLMv2.

5: Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controller refuses LM and NTLM authentication responses, but it accepts NTLMv2.

 

Tomcat security setting - LM compatibility setting

Tomcat security setting - LM compatibility setting