At 100kb, jpam could fit into a proxy and solve the cross platform
issues on unix / POSIX at least, combined with Gregg's work.
I'd be inclined to choose the direct public API (as an unexposed part of
a proxy implementation) so the implementation can be downloaded without
manual intervention or installation like an SPI requires.
Cheers,
Peter.
Dennis Reedy wrote:
I wonder if the JPam work might also fit here? http://jpam.sourceforge.net/
On May 12, 2010, at 431PM, Gregg Wonderly wrote:
Peter Firmstone wrote:
Anyone got any ideas for PAM in Apache River?
Currently, because JAAS is broken and providing no access to authentication APIs of the
host OS, we'd have to provide JNI code to do authentication against PAM or other native
authentication mechanisms, if done in the same JVM where less trust paranoia has to
occur. An external authentication service could be written which might bind to
"localhost:xxx" and use an SSL cert based authentication to connect. We could
then use local native processes as authentication agents to authenticate Jini users.
My http://pastion.dev.java.net project includes a JNI based authentication API
that uses PAM on linux. There is/was a difference in APIs for Solaris vs Linux
that might still need some customizations. I am not familiar with what we'd
need to use a windows based directory service.
Gregg Wonderly
