karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <owu...@talend.com>
Subject RE: LDAP authentication must role management in properties file
Date Thu, 22 Aug 2013 09:34:50 GMT
Hi JB

How can I tell which login module is used for authentication (LDAP) and which for authorization
(PropertiesFile)? If I configure a list of login modules, I thought JAAS will login with username/password
in each login module.

Thanks
Oli
________________________________________
From: Jean-Baptiste Onofré [jb@nanthrax.net]
Sent: 22 August 2013 10:20
To: user@karaf.apache.org
Subject: Re: LDAP authentication must role management in properties file

Hi,

yes, the same realm (let say Karaf) can use several login module. It's
leverage JAAS.

You can do that directly with the jaas:* commands.

Or you can define both login modules in the same blueprint and define a
rank for the login module:

     <jaas:config name="myrealm">
         <jaas:module
className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
                      flags="required">
             users = $[karaf.base]/etc/users.properties
         </jaas:module>
        <jaas:module
className="org.apache.karaf.jaas.modules.ldap.LdapLoginModule ...."/>
     </jaas:config>

You have more details here:
http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html

Regards
JB

On 08/22/2013 10:14 AM, Oliver Wulff wrote:
> Hi there
>
> I'm looking for a solution to use the LDAP Login Module only for
> authentication and another module (ex. PropertiesLoginModule) to manage
> the roles?
>
> Thanks
>
> Oli
>

--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Mime
View raw message