Hi, I suppose I'm missing a point somewhere, so please tell me. I just don't see in what way JAAS authentication can guarantee knowledge of a client stand alone application user.
Example: I'm writing a client application which connects to EJBs. I've used JAAS authentication to authenticate the user (lets say with NTLoginModule). This is on Windows XP. Now my point is, basically anyone who has access to a computer with this application (with their own account of course) can use the application simply by editing and changing the login-configuration file and the JAAS security policy file. Am I right? I must be missing a point here, or is JAAS authentication totally useless? Thanks Harvey View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844636#3844636 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844636 ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
