geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cabrera, Alan" <Alan.Cabr...@reuters.com>
Subject RE: [security] Authentication mechanism
Date Mon, 01 Dec 2003 22:18:56 GMT


> -----Original Message-----
> From: Dain Sundstrom [mailto:dain@coredevelopers.net] 
> 
> On Monday, December 1, 2003, at 03:25 PM, Cabrera, Alan wrote:
> 
> > NTLoginModule and SolarisLoginModule are provided by Sun in 
> JDK1.4 as
> > part
> > of the JAAS distribution.
> 
> I looked at these are they are very disappointing.  All they 
> do is get 
> you the username the current java process is running as.  

You are correct.  Let me clarify that I mention these two LoginModules as an
example of LoginModules that contain multiple kinds of Principals.

> You can not 
> get a windows security ticket that the server could then verify.  As 
> for Solaris (or any unix) I don't think there is anything 
> like a ticket 
> unless the admins are using Kerbos and even then I don't know 
> of anyway 
> to get the OS to give you a ticket for the currently logged in user 
> (which means they need to type in username and password 
> again).   Maybe 
> someone who knows more about unix security can comment on the 
> state of 
> single sign on.

Kerberos is the ticket.  ;)


Regards,
Alan



---------------------------------------------------------------- 
      Visit our Internet site at http://www.reuters.com 

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit <http://www.reuters.com/messaging> 

Any views expressed in this message are those of  the  individual sender,
except  where  the sender specifically states them to be the views of The
Reuters Group.

Mime
View raw message