On Wed, 29 Aug 2001 22:46, Berin Loritsch wrote:
> Peter Donald wrote:
> > +1 to idea of UserManagement Block
>
> Is there any way the UserManagement Block can be authentication method
> agnostic?

Yes and no. In JAAS users are *Subjects* and consist of a number of
Principals. The Principal may represent the Subject in different systems or
via different access methods. For instance you may have a different Principal
for Unix user login, and a different Principal for Kerberos (sp?) login, and
a different one for PKI, a different one for biometric, etc.

The problem is that most systems still don't distinguish between Subject and
Principal. So in a Unix or NT setting the "user" is represented by Principal
and not by Subject. This will slowly change in time - especially with
external groups (MS/other) managing identity servers and authentication
servers.

> In other words, the same general information needs to be managed, but
> the method of collecting it from the client is different.
>
> With PKI (Public Key Infrastructure), the Certificate is part of the
> Handshake, and can be obtained from the SSL connection. Everyone is
> already familiar with username/password.

In this case JAAS's LoginCallback (or whatever it is called) works. But IIRC
this requires that users be represented by "Subject"s.

--
Cheers,
Pete
*-----------------------------------------------------*
| For those who refuse to understand, no explanation |
| will ever suffice. For those who refuse to believe, |
| no evidence will ever suffice. |
*-----------------------------------------------------*
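
The Subject/Principal split discussed in this message, as an added Java example that is not code from the thread or its participants: one Subject carries several Principals, and a lookup keyed on any of them returns the same user whichever login method was used. `SubjectDirectory` and `UnixLogin` are hypothetical names, and the sample identities are constructed.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.x500.X500Principal;

public class SubjectDirectory {
    // Hypothetical Principal for a Unix login name (not a JDK class). Needs Java 16+.
    record UnixLogin(String name) implements Principal {
        public String getName() { return name; }
    }

    private final Map<Principal, Subject> byPrincipal = new HashMap<>();

    /** Registers one user (Subject) under every identity (Principal) it holds. */
    Subject register(Principal... identities) {
        for (Principal p : identities) {
            // One identity must never resolve to two different users.
            if (byPrincipal.containsKey(p)) {
                throw new IllegalArgumentException("already bound: " + p);
            }
        }
        Subject subject = new Subject();
        subject.getPrincipals().addAll(Set.of(identities));
        subject.setReadOnly(); // no identities can be attached later
        for (Principal p : identities) byPrincipal.put(p, subject);
        return subject;
    }

    /** Maps whatever Principal the login method produced back to its user. */
    Optional<Subject> resolve(Principal authenticated) {
        return Optional.ofNullable(byPrincipal.get(authenticated));
    }

    public static void main(String[] args) {
        SubjectDirectory users = new SubjectDirectory();
        // Constructed sample identities for one person.
        users.register(new UnixLogin("pete"),
                new KerberosPrincipal("pete@EXAMPLE.ORG"),
                new X500Principal("CN=Pete, O=Example"));
        // Password login yields a UnixLogin; a TLS client certificate yields
        // an X500Principal (X509Certificate.getSubjectX500Principal()).
        Subject viaPassword = users.resolve(new UnixLogin("pete")).orElseThrow();
        Subject viaCert = users.resolve(new X500Principal("CN=Pete, O=Example")).orElseThrow();
        System.out.println("same user: " + (viaPassword == viaCert));
        System.out.println("unknown: " + users.resolve(new UnixLogin("mallory")).isPresent());
    }
}
```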