continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Casey <jdca...@commonjava.org>
Subject Re: Security in Continuum
Date Fri, 13 Jan 2006 14:58:22 GMT
Looks like this isn't an option unless we can make it work on Windows...

 From the documentation:

Jpam can be used on:

    1. Linux x86
    2. Linux x86_64, including AMD64
    3. Mac OS X
    4. Solaris sparc

PAM is used on Unix and Unix-like operating systems. JPAM should be 
readily portable to other *nixes.

-john

David Blevins wrote:
> 
> On Jan 12, 2006, at 2:25 PM, Emmanuel Venisse wrote:
> 
>>
>>
>> David Blevins a écrit :
>>> On Jan 11, 2006, at 10:13 AM, Emmanuel Venisse wrote:
>>>> Hi,
>>>>
>>>> In 1.1, we have decided to rework all security features.
>>>>
>>>> I tried to use osuser but this framework is crappy :
>>>>
>>> [...]
>>>> I looked at seraph too. This project seems to be interesting, it's  
>>>> used by confluence and jira. It seems we have all we need in it but  
>>>> it require to be used in a web app environment, so i think we can't  
>>>> use it if we want to use security framework in a standalone app in  
>>>> future.
>>> Interesting, if you look at the dependencies for seraph, it's 
>>> clearly  using osuser.
>>>   - http://opensource.atlassian.com/seraph/dependencies.html
>>
>> osuser is use only for the DefaultAuthenticator, if you don't use it, 
>> you don't need osuser.
>>
>>> Wonder if "writing our own" option couldn't mean writing our own  
>>> wrapper for osuser.
>>
>> not exactly. osuser would can be supported by a provider of our own. 
>> But if we decide to write it, it must be extensible with providers 
>> like other framework(osuser, seraph...) and ldap, jaas...
>>
> 
> I can't believe i forgot about this.
> 
> http://jpam.sourceforge.net/documentation/
> 
> Then we could do real security and not java-toy security only usable by 
> continuum.
> 
> I've got a shared LDAP directory up on ci.gbuild.org right now which we 
> use instead of /etc/passwd files for logging into the various gbuild 
> machines.  There is a j2eetck group that we put people in if they are 
> allowed to see tck related stuff.  Would be excellent if we could use 
> that exact setup in continuum to lock off certain projects to only be 
> visible to that or other groups.  I've had to setup cron jobs to build 
> the various things that are tck private -- made an attempt to put up a 
> non-public continuum install for that, but it was too much of a pain.
> 
> -David
> 
> 
>> Emmanuel
>>
> 
> 
> 

Mime
View raw message