Peter Firmstone wrote:
Anyone got any ideas for PAM in Apache River?
Currently, because JAAS is broken and providing no access to authentication APIs of the host OS, we'd have to provide JNI code to do authentication against PAM or other native authentication mechanisms, if done in the same JVM where less trust paranoia has to occur. An external authentication service could be written which might bind to "localhost:xxx" and use an SSL cert based authentication to connect. We could then use local native processes as authentication agents to authenticate Jini users.
My http://pastion.dev.java.net project includes a JNI based authentication API that uses PAM on linux. There is/was a difference in APIs for Solaris vs Linux that might still need some customizations. I am not familiar with what we'd need to use a windows based directory service.
Gregg Wonderly
