---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- Has anyone used Linux-PAM do do user authentication in Java Servlets? It seems like the following needs to take place: - the user requests a servlet for which authentication is required - the servlet's doPost method calls a C function "askPam" which i've written - askPam calls the PAM library - the PAM library decides that it needs to ask for a username and a password, and calls the C conversation function "myConv" which i've written - myConv calls a method "askUser" of the original servlet to pass the request along to the web browser - the servlet generates an appropriate web page, asking the user for whatever information (i.e. user and password) PAM wants, and askUser doesn't return yet - the user submits the information, thus invoking doPost a second time - the servlet arranges for its method askUser (which was invoked by myConv) to finally return control to myConv - myConv returns control to the PAM library - the PAM library decides whether authentication has succeded. if it has not, it calls myConv again, which calls askUser, which causes the second servlet invocation to generate a new page asking the user to try again. - once PAM is happy, it returns control back to askPam, which returns control back to the original servlet invocation. - the original servlet invocation has to use the HttpServletResponse object from the latest invocation (not the one it was originally given) to generate the resulting web page This seems quite complicated, because at least two invocations of doPost will need to be running at once in separate threads for the very same HTTP session. Is there a simpler way? Solomon -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives and Other: <http://java.apache.org/main/mail.html> Problems?: [EMAIL PROTECTED]
