Peter Donald wrote:
>
> On Wed, 29 Aug 2001 22:46, Berin Loritsch wrote:
> > Peter Donald wrote:
> > > +1 to idea of UserManagement Block
> >
> > Is there any way the UserManagement Block can be authentication method
> > agnostic?
>
> Yes and no. In JAAS users are *Subjects* and consist of a number of
> Principles. The Principle may represent the Subject in different systems or
> via different access methods. For instance you may have a different Principle
> for Unix user login, and a different principle for Kerberos (sp?) login, and
> a different for PKI, different for biometric etc.
I have looked at JAAS alot. Basically a "Subject" is in effect a complex
Principle (it extends Principle I believe) that is an aggregate. When authenticated
via JAAS, the Subject is the Principal tested against, and you get a positive
if any of the correct methods worked (i.e. if a Certificate is presented, JAAS
can be configured to allow that to be enough).
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
