river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: PAM - Pluggable Authentication Modules Any Ideas?
Date Wed, 12 May 2010 23:14:59 GMT
I like the sound of that.

We can have an Authentication Service, we could place the constraint of 
a key signature on that particular service (don't want untrusted parties 
providing authentication), but once loaded, the smart proxy could 
contain the JNI code required to perform the authentication?

I'm thinking about providing a ServiceInterface-dl.jar for any new 
Platform Services in River, providing class files for backward 
compatibility, ensuring existing Jini clients can utilise them too.

I'm not familiar with Windows either, anyone here with some Windows 
experience?

Cheers,

Peter.

Gregg Wonderly wrote:
> Peter Firmstone wrote:
>> Anyone got any ideas for PAM in Apache River?
>
> Currently, because JAAS is broken and providing no access to 
> authentication APIs of the host OS, we'd have to provide JNI code to 
> do authentication against PAM or other native authentication 
> mechanisms, if done in the same JVM where less trust paranoia has to 
> occur.  An external authentication service could be written which 
> might bind to "localhost:xxx" and use an SSL cert based authentication 
> to connect.  We could then use local native processes as 
> authentication agents to authenticate Jini users.
>
> My http://pastion.dev.java.net project includes a JNI based 
> authentication API that uses PAM on Linux.  There is/was a difference 
> in APIs for Solaris vs Linux that might still need some 
> customizations.  I am not familiar with what we'd need to use a 
> Windows based directory service.
>
> Gregg Wonderly
>

