river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Reedy <dennis.re...@gmail.com>
Subject Re: PAM - Pluggable Authentication Modules Any Ideas?
Date Thu, 13 May 2010 00:54:27 GMT
I wonder if the JPam work might also fit here? http://jpam.sourceforge.net/


On May 12, 2010, at 431PM, Gregg Wonderly wrote:

> Peter Firmstone wrote:
>> Anyone got any ideas for PAM in Apache River?
> 
> Currently, because JAAS is broken and providing no access to authentication APIs of the
host OS, we'd have to provide JNI code to do authentication against PAM or other native authentication
mechanisms, if done in the same JVM where less trust paranoia has to occur.  An external authentication
service could be written which might bind to "localhost:xxx" and use an SSL cert based authentication
to connect.  We could then use local native processes as authentication agents to authenticate
Jini users.
> 
> My http://pastion.dev.java.net project includes a JNI based authentication API that uses
PAM on linux.  There is/was a difference in APIs for Solaris vs Linux that might still need
some customizations.  I am not familiar with what we'd need to use a windows based directory
service.
> 
> Gregg Wonderly


Mime
View raw message