Hi,
I am using equinox and sshd core to access an server instance via ssh.
See:
http://help.eclipse.org/juno/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Fguide%2Fconsole_shell.htm
I can't figure out how to identify the user connected to the current
session and from what I can see from the source code there isn't really
a provision for it either.
I don't know if this approach has already been discussed but I would
like to propose a code extension that returns an authenticated Subject
instead of a Boolean value.
Having gone through the code, I would like to propose an
extension/alternative to org.apache.sshd.server.UserAuth, something like
"org.apache.sshd.server.SubjectAuth".
The result of the Login/authentication would then be a committed Subject
instance that should then be used to execute the rest of the code in the
shell session.
Pseudo code:
*SubjectAuth auth = new PasswordSubjectAuth(...);**
**Subject authenticatedSubject = auth.authenticate(...);**
**PrivilegedExceptionAction commandSession = new SshCommandSession(...);**
**Subject.doAsPrivileged( authenticatedSubject, commandSession, null);**
*
This way JAAS privileges can be tested again the "Subject" that is
running the code and the Principals and Credentials can also be accessed
as required.
So that would mean that calling "*Subject subject = Subject.getSubject(
AccessController.getContext() );*" could be used for all the current
"user/role", keys or GSS-API connects to get the identity.
Regards,
Bill Mair
