I see your point. I was actually interested in a "fairly" secure authentication mechanism without having to require SSL.

I have the impression that Kerberos provides that (you can securely authenticate yourself over a non-encrypted channel). But you are right; it might be too much work compared to just leveraging SSL/TLS. The only drawback with this is that I probably cannot support NTLM (Windows NT domains or machines that have not joined a domain yet, which, I agree, serves no purpose except, maybe, demos).

I am also curious to know why you are suggesting that a secure protocol on top of RMI is inefficient compared to an implementation at the transport level. If I simplify the problem a "little", encrypting a serialized Java object at the RMI level or encrypting the TCP packets at the socket level (SSL) should not make a big difference, should it? Or am I simplifying too much?

There is actually a JSR about RMI security (http://www.jcp.org/en/jsr/detail?id=76). Not sure if it will use GSS or not, although it would make sense to me that they do.

Thomas

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856717#3856717
