karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: LDAP authentication must role management in properties file
Date Thu, 22 Aug 2013 17:37:52 GMT
Hi,

like in JAAS "core/native": it depends of the realm (a realm has a 
dedicated function: authentication/authorization).

Regards
JB

On 08/22/2013 11:34 AM, Oliver Wulff wrote:
> Hi JB
>
> How can I tell which login module is used for authentication (LDAP) and which for authorization
(PropertiesFile)? If I configure a list of login modules, I thought JAAS will login with username/password
in each login module.
>
> Thanks
> Oli
> ________________________________________
> From: Jean-Baptiste Onofré [jb@nanthrax.net]
> Sent: 22 August 2013 10:20
> To: user@karaf.apache.org
> Subject: Re: LDAP authentication must role management in properties file
>
> Hi,
>
> yes, the same realm (let say Karaf) can use several login module. It's
> leverage JAAS.
>
> You can do that directly with the jaas:* commands.
>
> Or you can define both login modules in the same blueprint and define a
> rank for the login module:
>
>       <jaas:config name="myrealm">
>           <jaas:module
> className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
>                        flags="required">
>               users = $[karaf.base]/etc/users.properties
>           </jaas:module>
>          <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LdapLoginModule ...."/>
>       </jaas:config>
>
> You have more details here:
> http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html
>
> Regards
> JB
>
> On 08/22/2013 10:14 AM, Oliver Wulff wrote:
>> Hi there
>>
>> I'm looking for a solution to use the LDAP Login Module only for
>> authentication and another module (ex. PropertiesLoginModule) to manage
>> the roles?
>>
>> Thanks
>>
>> Oli
>>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message