Hi,

I'm currently writing a JSecurity Realm which uses SSH to authenticate
with a remote host. I'm extending AuthenticatingRealm to do this, and
using the Trilead SSH library.
http://www.trilead.com/Products/Trilead_SSH_for_Java/

This concept is coming along nicely and works great for my use case. In
particular, since my target doesn't have any LDAP or Kerberos based
login functionality, SSH is a decent choice and I'm already familiar
with the library.

As well, I also plan to investigate writing an Authorizer which will use
the same SSH connection and essentially request the contents of
/etc/group to determine roles and role memberships. I think this will
be fairly trivial as well, and pretty useful again for those who don't
run a network-aware login server. Maybe by parsing /etc/group format
into a TextConfiguration or something.

I'm also looking at a local native host authentication, probably using
the Shaj project (or something similar, if you know of one).
http://opensource.cenqua.com/shaj/

OK, so now my questions:

1) Has anyone attempted an SSH-based Realm for JSecurity?
1.a If so, I'd like to not duplicate efforts and would appreciate
knowing about it. I'm not seeing anything in the API like it, or
reading anything on the mailing lists.
1.b If not, then I'd like to solicit feedback on the general
usefulness of such a feature. I can make my code available under the
ASL 2.0 for contribution (though, I need to write an abstraction since
I'm currently tightly coupled with Trilead).

2) Has anyone attempted a native local authentication before? I.e. not
Kerberos, LDAP, or Active Directory, but more like straight unix Crypt
login or NTLM on Winders? Maybe using shaj or some other similar
library? Doesn't Acegi already have something like this?

3) Any other thoughts, directions or potential speed bumps on these two
Realm options?

Thanks much,
Adam Taft
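
The /etc/group-to-roles idea from the message above, as an added example that is not part of the original post and not JSecurity or Trilead code: it parses group(5) text, however it was fetched, into a user-to-roles map and grants nothing for lines it cannot validate. The class name `EtcGroupRoles`, the method `rolesByUser` and the sample input are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

// Hypothetical helper (not a JSecurity or Trilead class).
public class EtcGroupRoles {

    /** Parses group(5) lines of the form name:password:gid:member1,member2 */
    public static Map<String, Set<String>> rolesByUser(String etcGroup) {
        Map<String, Set<String>> roles = new TreeMap<>();
        for (String raw : etcGroup.split("\\R")) {
            String line = raw.trim();
            // Skip blanks, comments and NIS compat entries (+name / -name).
            if (line.isEmpty() || line.startsWith("#")
                    || line.startsWith("+") || line.startsWith("-")) continue;
            String[] f = line.split(":", -1);  // -1 keeps an empty member field
            if (f.length != 4 || f[0].isEmpty()) continue;  // malformed: grant nothing
            try {
                Long.parseLong(f[2]);          // gid must be numeric
            } catch (NumberFormatException e) {
                continue;                      // fail closed on a bad gid
            }
            for (String member : f[3].split(",")) {
                String user = member.trim();
                if (!user.isEmpty()) {
                    roles.computeIfAbsent(user, k -> new TreeSet<>()).add(f[0]);
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real host.
        String sample = String.join("\n",
            "root:x:0:",
            "wheel:x:10:alice,bob",
            "# local comment",
            "staff:x:50:alice",
            "broken-line-without-fields",
            "dev:x:abc:mallory",
            "+nisgroup:::");
        System.out.println(rolesByUser(sample));
    }
}
```

A user's primary group is recorded in the gid field of /etc/passwd, so a role derived only from the member lists in /etc/group can miss it; an Authorizer built this way would need both files to see every membership.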