Thanks for the answer.
I did not look at the SRPLoginModule before.
One good thing is that it seems that this multiple client/server exchange can 
be achieved "just" by creating special login modules (and a supporting MBean), 
so it is not "too" intrusive in the JBossSX framework.
I am a little puzzled by your comment on the "not really secure".
Everything that I read so far about protocols that can be plugged behind the 
GSS-API (like Kerberos) does not assume that the link is encrypted to be 
secure, at least for the authentication part of the protocol.
It is true that such protocols are also offering message encryption 
capabilities once the authentication has been done and a session key has been 
generated.

What I am trying to understand is what the security risks are. Here is my 
current understanding:

- If I understand correctly something like Kerberos, the authentication process 
is secure without requiring an encrypted channel. What I mean is that someone 
cannot pretend to be someone else without knowing their credentials, and you 
cannot determine the client credential by watching the data exchanged on the 
wire.

- After the authentication process, I agree that without a secure channel, 
someone can see (and potentially alter) the data being transferred. But this is 
a different "issue" and SSL is the answer if you want data privacy on the wire.

- Final possible risk that I see is, since the channel is not secure, someone 
can see the data being exchanged and manage to impersonate the client (create 
other messages for the server making it believe that it is the original 
client). If such risk exists, could we imagine just "signing" the message 
instead of completely encrypting it? This should hopefully still be faster than 
full SSL, shouldn't it?

My ultimate goal is not necessarily a 100% bullet-proof authentication mechanism. 
But GSS-API with Kerberos and the corresponding Login module seems to be able 
to provide a few nice things:

- Single sign-on capabilities. The credentials of the user running the client 
process can be "automatically" used to authenticate against the server without 
having to re-enter user/password.

- In such a single sign-on context the password of the user is not transmitted on 
the wire (only a ticket is), so it is already more secure than any other 
solution that does not use an encrypted channel.

- If you want bullet-proof security, nothing prevents you from configuring SSL 
between your client and server on top of this authentication mechanism.

Thomas


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856392#3856392
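The third risk raised in the post (an observer forging or replaying messages after authentication has completed) and the idea of "signing" rather than encrypting, as an added illustration that is not part of the original post nor of JBossSX: each message carries a sequence number and an HMAC-SHA256 tag computed with the session key, so the receiver can reject altered, forged and replayed frames while the payload itself stays readable on the wire. The session key here is a constructed stand-in for the key that a Kerberos/GSS-API authentication would establish; in the Java GSS-API the same integrity-only service is what `GSSContext.getMIC`/`verifyMIC` provide, with `wrap`/`unwrap` adding confidentiality on top. Function and class names are the example's own.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the session key that a Kerberos/GSS-API
# authentication would establish between client and server.
SESSION_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)

SEQ_LEN = 8    # 64-bit big-endian sequence number
TAG_LEN = 32   # HMAC-SHA256 output size


def sign_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a frame: seq || payload || HMAC-SHA256(key, seq || payload).

    The payload travels in the clear; the tag only binds it, together with
    its sequence number, to a holder of the session key.
    """
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class SignedChannelReceiver:
    """Server side: verifies the tag and enforces strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def receive(self, frame: bytes):
        """Return (accepted, reason, payload); payload is None when rejected."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return False, "short frame", None
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison, checked before the sequence number so a
        # frame without a valid tag cannot influence receiver state at all.
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature", None
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return False, "replay", None
        self.last_seq = seq
        return True, "ok", payload


def demo() -> dict:
    """Run the cases from the discussion; returns what the receiver decided."""
    server = SignedChannelReceiver(SESSION_KEY)
    results = {}

    # 1. Genuine client message is accepted.
    genuine = sign_message(SESSION_KEY, 1, b"withdraw 10")
    results["genuine"] = server.receive(genuine)[:2]

    # 2. An on-path party alters the payload in transit; the tag no longer matches.
    tampered = bytearray(sign_message(SESSION_KEY, 2, b"withdraw 10"))
    tampered[SEQ_LEN + len(b"withdraw ")] = ord("9")  # now reads "withdraw 90"
    results["tampered"] = server.receive(bytes(tampered))[:2]

    # 3. The captured genuine frame is sent again; its sequence number is stale.
    results["replayed"] = server.receive(genuine)[:2]

    # 4. A frame built without the session key fails signature verification.
    forged = sign_message(b"not-the-session-key", 3, b"withdraw 90")
    results["forged"] = server.receive(forged)[:2]

    # 5. The real client continues normally with the next sequence number.
    results["next_genuine"] = server.receive(sign_message(SESSION_KEY, 2, b"balance"))[:2]

    # Signing gives integrity only: a passive observer still reads the payload,
    # which is why the post pairs it with SSL when privacy is needed.
    results["observer_reads_payload"] = b"withdraw 10" in genuine
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22s} -> {outcome}")
```

The sequence-number check only covers replay within one session; a new session key per authentication is what keeps frames from one session from being valid in another, which the Kerberos session key already provides.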



_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
