directory-dev mailing list archives

From Jörg Henne
Subject Authentication and JBoss SAR
Date Tue, 25 Jul 2006 10:32:12 GMT
Hi all,

especially with respect to the JBoss SAR, but also in conjunction with 
other kinds of deployment, I think it is rather unfortunate to require 
the super-user password to be supplied in the startup configuration. 
With the SAR, one needs to tweak the jboss-service.xml file, living 
inside the SAR archive, after the super-user password has been changed.

To make the pains even worse, I have several other services running on 
JBoss which also depend on the directory. In order to enable 
authorization of remote accesses to the directory without reverting to a 
default, non-user-configurable super-user password, I have to unpack the 
SAR, update the service configuration to include the updated password 
and re-pack the SAR for all services during installation.

To fix this problem, IMHO there should be the option to let all in-VM 
accesses bypass authentication and authorization. In fact, I think this 
should be the default way of operation, as cases where in-VM 
authorization is required, could be covered by using the standard 
SecurityManager to force non-trusted accesses to use the non-local 
This problem may be addressed already by the switch away from JNDI for 
internal accesses. But while we're not there, I wonder whether there is 
a work-around to get rid of the in-VM authentication requirement.

Oh, and while I'm already ranting... I wonder whether it is really 
desirable to have a single hard-coded, catch-all super-user instead of 
installing a few ACIs. WDYT?

Joerg Henne
