On Wed, 29 Aug 2001 22:46, Berin Loritsch wrote:
> Peter Donald wrote:
> > +1 to idea of UserManagement Block
>
> Is there any way the UserManagement Block can be authentication method
> agnostic?

Yes and no. In JAAS users are *Subjects* and consist of a number of Principals. The Principal may represent the Subject in different systems or via different access methods. For instance you may have a different Principal for Unix user login, and a different Principal for Kerberos (sp?) login, and a different one for PKI, a different one for biometric, etc.

The problem is that most systems still don't distinguish between Subject and Principal. So in a Unix or NT setting the "user" is represented by Principal and not by Subject. This will slowly change in time - especially with external groups (MS/other) managing identity servers and authentication servers.

> In other words, the same general information needs to be managed, but
> the method of collecting it from the client is different.
>
> With PKI (Public Key Infrastructure), the Certificate is part of the
> Handshake, and can be obtained from the SSL connection. Everyone is
> already familiar with username/password.

In this case JAAS's LoginCallback (or whatever it is called) works. But IIRC this requires that users be represented by "Subject"s.

--
Cheers,

Pete

*-----------------------------------------------------*
| For those who refuse to understand, no explanation  |
| will ever suffice. For those who refuse to believe, |
| no evidence will ever suffice.                      |
*-----------------------------------------------------*
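The Subject/Principal split discussed in this message, as an added example that is not code from either poster or from the project: one `Subject` carries a Principal per authentication method, and a lookup resolves whichever Principal a login produced back to the same user. `PasswordLoginPrincipal`, `findSubject` and all names and DNs are hypothetical, constructed values; the record syntax assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.x500.X500Principal;

public class SubjectDemo {
    // Hypothetical Principal for a plain username/password login.
    record PasswordLoginPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // One user (Subject), three identities, one per authentication method.
    static Subject buildSubject() {
        Subject s = new Subject();
        s.getPrincipals().add(new PasswordLoginPrincipal("pete"));
        s.getPrincipals().add(new KerberosPrincipal("pete@EXAMPLE.ORG"));
        // Subject DN as it would appear in a client certificate (constructed).
        s.getPrincipals().add(new X500Principal("CN=Pete,O=Example,C=AU"));
        return s;
    }

    // Method-agnostic lookup: whatever Principal the login step produced,
    // return the Subject that owns it. Unknown Principals match nothing.
    static Optional<Subject> findSubject(Collection<Subject> users, Principal presented) {
        return users.stream()
                .filter(s -> s.getPrincipals().contains(presented))
                .findFirst();
    }

    public static void main(String[] args) {
        List<Subject> users = List.of(buildSubject());

        // Two different collection methods for the same person.
        Principal fromCert = new X500Principal("CN=Pete,O=Example,C=AU");
        Principal fromPassword = new PasswordLoginPrincipal("pete");
        Subject viaCert = findSubject(users, fromCert).orElseThrow();
        Subject viaPassword = findSubject(users, fromPassword).orElseThrow();
        System.out.println("same Subject: " + (viaCert == viaPassword));

        // Code that needs one specific identity asks for it by type.
        System.out.println(viaCert.getPrincipals(KerberosPrincipal.class));

        // A Principal nobody owns resolves to no user at all.
        Principal stranger = new PasswordLoginPrincipal("mallory");
        System.out.println("known: " + findSubject(users, stranger).isPresent());
    }
}
```

A system that stores only one of these Principals as "the user" cannot tell that the certificate login and the password login belong to the same person, which is the limitation the message describes for Unix and NT.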
