From: Dain Sundstrom
To: geronimo-dev@incubator.apache.org
Date: Mon, 1 Dec 2003 15:58:09 -0600
Subject: Re: [security] Authentication mechanism
In-Reply-To: <79B184B0417FD41184DB00508BA540B8058C3A6C@corpmail01>
Message-Id: <7374FF61-2449-11D8-81EB-000393DB559A@coredevelopers.net>

On Monday, December 1, 2003, at 03:25 PM, Cabrera, Alan wrote:

> NTLoginModule and SolarisLoginModule are provided by Sun in JDK1.4 as part
> of the JAAS distribution.

I looked at these and they are very disappointing. All they do is get you the username the current Java process is running as. You cannot get a Windows security ticket that the server could then verify. As for Solaris (or any Unix), I don't think there is anything like a ticket unless the admins are using Kerberos, and even then I don't know of any way to get the OS to give you a ticket for the currently logged-in user (which means they need to type in username and password again).

Maybe someone who knows more about Unix security can comment on the state of single sign-on.

-dain

/*************************
 * Dain Sundstrom
 * Partner
 * Core Developers Network
 *************************/
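
The behaviour discussed in this message can be observed with a short JAAS client. This is an added example, not code from the thread or from Geronimo; it assumes a Unix-like JDK and uses `com.sun.security.auth.module.UnixLoginModule`, the JDK's generic Unix module, which the message does not mention. The class name `OsLoginModuleDemo` and the application name `os-login` are made up for the example.

```java
import com.sun.security.auth.module.UnixLoginModule;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class OsLoginModuleDemo {
    public static void main(String[] args) throws Exception {
        // In-memory JAAS configuration with one required module, so no
        // external login.config file is needed. "os-login" is arbitrary.
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                        UnixLoginModule.class.getName(),
                        LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap())
                };
            }
        };

        // No CallbackHandler is supplied: the module never prompts for a
        // password, it reads the identity of the running JVM process.
        Subject subject = new Subject();
        LoginContext lc = new LoginContext("os-login", subject, null, config);
        lc.login();

        // Principals are plain names and numeric ids taken from the local OS.
        subject.getPrincipals().forEach(p ->
            System.out.println(p.getClass().getSimpleName() + ": " + p.getName()));

        // Credentials are what a remote server would need in order to verify
        // the identity independently; print how many the module attached.
        System.out.println("public credentials:  "
            + subject.getPublicCredentials().size());
        System.out.println("private credentials: "
            + subject.getPrivateCredentials().size());

        lc.logout();
    }
}
```

A server that receives only these principals from a remote client is trusting the client's own statement of who it is, since nothing in the Subject can be checked against a third party the way a Kerberos service ticket can.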