avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <dona...@apache.org>
Subject Re: cvs commit: jakarta-avalon-cornerstone/apps/ftpserver/src/java/org/apache/avalon/ftpserver/interfaces UserManagerInterface.java
Date Wed, 29 Aug 2001 12:49:21 GMT
On Wed, 29 Aug 2001 22:46, Berin Loritsch wrote:
> Peter Donald wrote:
> > +1 to idea of UserManagement Block
>
> Is there any way the UserManagement Block can be authentication method
> agnostic?

Yes and no. In JAAS users are *Subjects* and consist of a number of 
Principles. The Principle may represent the Subject in different systems or 
via different access methods. For instance you may have a different Principle 
for Unix user login, and a different principle for Kerberos (sp?) login, and 
a different for PKI, different for biometric etc.

The problem is that most systems still don't distinguish between Subject and 
Principle. So in a unix or NT setting the "user" is represented by Principle 
and not by Subject. This will slowly change in time - especially with 
external groups (MS/other) managing identity servers and authentication 
servers.

> In other words, the same general information needs to be managed, but
> the method of collecting it from the client is different.
>
> With PKI (Public Key Infrastructure), the Certificate is part of the
> Handshake, and can be obtained from the SSL connection.  Everyone is
> already familiar with username/password.

In this case JAAS's LoginCallback (or whatever it is called) works. But IIRC 
this requires that users be represented by "Subject"s.

-- 
Cheers,

Pete

*-----------------------------------------------------*
| For those who refuse to understand, no explanation  |
| will ever suffice. For those who refuse to believe, |
| no evidence will ever suffice.                      |
*-----------------------------------------------------*

---------------------------------------------------------------------
To unsubscribe, e-mail: avalon-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: avalon-dev-help@jakarta.apache.org


Mime
View raw message