I like the sound of that.
We can have an Authentication Service, we could place the constraint of
a key signature on that particular service (don't want untrusted parties
providing authentication), but once loaded, the smart proxy could
contain the JNI code required to perform the authentication?
I'm thinking about providing a ServiceInterface-dl.jar for any new
Platform Services in River, providing class files for backward
compatibility, ensuring existing Jini clients can utilise them too.
I'm not familiar with Windows either, anyone here with some Windows
experience?
Cheers,
Peter.
Gregg Wonderly wrote:
Peter Firmstone wrote:
Anyone got any ideas for PAM in Apache River?
Currently, because JAAS is broken and providing no access to
authentication APIs of the host OS, we'd have to provide JNI code to
do authentication against PAM or other native authentication
mechanisms, if done in the same JVM where less trust paranoia has to
occur. An external authentication service could be written which
might bind to "localhost:xxx" and use an SSL cert based authentication
to connect. We could then use local native processes as
authentication agents to authenticate Jini users.
My http://pastion.dev.java.net project includes a JNI based
authentication API that uses PAM on Linux. There is/was a difference
in APIs for Solaris vs Linux that might still need some
customizations. I am not familiar with what we'd need to use a
Windows-based directory service.
Gregg Wonderly