I see your point.
I was actually interested in a "fairly" secure authentication mechanism without
having to require SSL.
I have the impression that Kerberos provides that (you can securely
authenticate yourself over a non-encrypted channel).
But you are right; it might be too much work compare
The current implementation of SRP is not secure in the sense that someone who can
observe the authentication process can impersonate a valid user. The
point that I wanted to make is that implementation of secure protocol on top of
RMI is inefficient compared to implementation on a transport leve
Thanks for the detailed reply, I appreciate it.
I think we are on the same page on most points (which is good for me, I am just
a beginner in the security arena).
Two extra comments.
1) From my reading of the Kerberos protocol (which might not be true for SRP, I
do not know), the session key is s
You can use a client/server interceptor pair to encrypt the session key so that
it cannot be snooped and used by another user masquerading as the authenticated
user.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856415#3856415
You can take a look at SRPLoginModule as an example of authentication mechanism
that involves multiple client/server exchanges. So the answer to your question
is Yes, it can be done. The real problem with this kind of implementation
(based on RMI) is that it is either not really secure (as is th
The RMI protocol is purely stateless. It means that every remote call should contain
some additional information about the caller and its credentials, if we would
like to support authentication and authorization on the server side. By using
this information, the server side security interceptor and se
I did more research and it seems that on Windows, using the Microsoft Security
Support Provider Interface, I could achieve a single sign-on mechanism
transparently using NTLM (Windows NT domain) or Kerberos (Windows 2000/2003
domain).
But (of course there is a but), the authentication mechanis
Thanks for the answer.
I did not look at the SRPLoginModule before.
One good thing is that it seems that these multiple client/server exchanges can
be achieved "just" by creating special login modules (and a supporting MBean),
so it is not "too" intrusive in the JBossSX framework.
I am a little pu
Thanks for the reply.
It confirms what I was slowly discovering.
Thomas
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856184#3856184
I did quite a few searches without a lot of success.
I am still wondering how to configure the NTLoginModule with JBoss.
Here are some of my dilemmas:
1) Should I configure the NTLoginModule both on my client (EJB client) and
server?
2) Ideally, I'd like to configure it, for sure, on the client: the
No, it does not even ship with the linux versions.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828467#3828467
Does it also work to authenticate NT domain users when JBoss runs on Linux?
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828285#3828285
The Sun JDKs ship with an NTLoginModule that could be used for authentication. It is
documented as part of the jaas guide:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/spec/com/sun/security/auth/module/NTLoginModule.html
which is accessible from the 'API Specifications' section of the
I think the simplest way is to use a WIN-JAAS-Login Module. Just search for "tagish
JAAS" in Google. You should find a lot of information...
Juraj
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828041#3828041