Peter Donald wrote: > > On Wed, 29 Aug 2001 22:46, Berin Loritsch wrote: > > Peter Donald wrote: > > > +1 to idea of UserManagement Block > > > > Is there any way the UserManagement Block can be authentication method > > agnostic? > > Yes and no. In JAAS users are *Subjects* and consist of a number of > Principles. The Principle may represent the Subject in different systems or > via different access methods. For instance you may have a different Principle > for Unix user login, and a different principle for Kerberos (sp?) login, and > a different for PKI, different for biometric etc.
I have looked at JAAS alot. Basically a "Subject" is in effect a complex Principle (it extends Principle I believe) that is an aggregate. When authenticated via JAAS, the Subject is the Principal tested against, and you get a positive if any of the correct methods worked (i.e. if a Certificate is presented, JAAS can be configured to allow that to be enough). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
