On Jan 13, 2006, at 6:58 AM, John Casey wrote:
Looks like this isn't an option unless we can make it work on
Windows...
Darn. I shot a note off to Greg the JPam guy to see what he's got
going on there. At the very least, we use the API that Trygve
proposes and create an implementation for JPam if someone really
wants it.
-David
From the documentation:
Jpam can be used on:
1. Linux x86
2. Linux x86_64, including AMD64
3. Mac OS X
4. Solaris sparc
PAM is used on Unix and Unix-like operating systems. JPAM should be
readily portable to other *nixes.
-john
David Blevins wrote:
On Jan 12, 2006, at 2:25 PM, Emmanuel Venisse wrote:
David Blevins a écrit :
On Jan 11, 2006, at 10:13 AM, Emmanuel Venisse wrote:
Hi,
In 1.1, we have decided to rework all security features.
I tried to use osuser but this framework is crappy :
[...]
I looked at seraph too. This project seems to be interesting,
it's used by confluence and jira. It seems we have all we need
in it but it require to be used in a web app environment, so i
think we can't use it if we want to use security framework in
a standalone app in future.
Interesting, if you look at the dependencies for seraph, it's
clearly using osuser.
- http://opensource.atlassian.com/seraph/dependencies.html
osuser is use only for the DefaultAuthenticator, if you don't use
it, you don't need osuser.
Wonder if "writing our own" option couldn't mean writing our
own wrapper for osuser.
not exactly. osuser would can be supported by a provider of our
own. But if we decide to write it, it must be extensible with
providers like other framework(osuser, seraph...) and ldap, jaas...
I can't believe i forgot about this.
http://jpam.sourceforge.net/documentation/
Then we could do real security and not java-toy security only
usable by continuum.
I've got a shared LDAP directory up on ci.gbuild.org right now
which we use instead of /etc/passwd files for logging into the
various gbuild machines. There is a j2eetck group that we put
people in if they are allowed to see tck related stuff. Would be
excellent if we could use that exact setup in continuum to lock
off certain projects to only be visible to that or other groups.
I've had to setup cron jobs to build the various things that are
tck private -- made an attempt to put up a non-public continuum
install for that, but it was too much of a pain.
-David
Emmanuel
