...
[14:01:02 CDT(-0500)] <atilling> Coldfusion has password protection for the server admin but it's fairly weak and I wanted to put mod_auth_cas in front of that folder
[14:04:02 CDT(-0500)] <serac> You might post to users@tomcat.apache.org to find out whether it's possible to apply Apache security directives to URIs that are mapped to Tomcat. While it would be surprising if you can't, I can imagine that's the case.
[14:04:20 CDT(-0500)] <atilling> thanks