Thanks to Sairam for responding to your question as well.
I just wanted to reiterate that the authenticator must be installed on
each machine in order for user trust to be used. Authentication data is
sent along with other information when submitting a STAF service request
to a remote machine. The remote machine also performs authentication
using this data (as another check to prevent any misuse). Note that a
STAF authenticator can specify that it requires a secure connection so
that authentication data is only sent if the data is being sent via the
STAF secure TCP/IP connection provider.
You can write your own STAF authenticator service instead of using the
sample authenticator that we provide on SourceForge. For example, we have
written our own STAF authenticator service that authenticates using my
company's Intranet Password authenticate API to authenticate using our
existing intranet userids and credentials. Our authenticator (which is
only available within my company) requires using the STAF secure TCP/IP
connection provider for added protection.
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
agou <a...@talktalk.net>
01/22/2009 12:27 AM

To: Sharon Lucas/Austin/i...@ibmus
cc: staf <staf-users@lists.sourceforge.net>
Subject: Re: [staf-users] Trust?

Sharon, thank you for your patience with me - I'm sorry if I do go on
and on about this. I find the subject very intriguing, although I don't
anticipate any security problems on my network.
What I am thinking about is - a user can install staf on his own desktop
and then create a "false" authenticator of the same name as the real one
on the servers, which gives his username trust level 5. Wouldn't that
give him level 5 access to the rest of the servers? Or are the
credentials sent along with the requests and validated on the other
servers? I know I am going to be asked this question, so I'd like to
understand it.
/jan
Sharon Lucas wrote:
> No, you only give trust level 5 to those user ids that you want to have
> trust level 5. You can only authenticate a user id if you know the
> password (its credentials).
>
> Also, note that to perform user authentication across systems, the
> authenticator must be registered as the same name on all machines where
> you want to use user trust authentication.
>
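
The re-validation described in this thread, as an added example that is not part of the original messages and is not STAF code: a simplified Python model in which the receiving machine checks the forwarded authentication data against its own authenticator registered under the same name. The class names, the authenticator name CorpAuth, the fallback trust value and the credentials are all constructed for illustration.

```python
import hashlib
import hmac

FALLBACK_TRUST = 3  # constructed value used when the user is not authenticated

def _digest(secret):  # stand-in for a real credential check, not a storage scheme
    return hashlib.sha256(secret.encode()).digest()

class Authenticator:
    """Hypothetical authenticator service with its own credential store."""
    def __init__(self, users, require_secure=False, accept_all=False):
        self.store = {user: _digest(pw) for user, pw in users.items()}
        self.require_secure = require_secure
        self.accept_all = accept_all  # models the "false" authenticator

    def authenticate(self, user, auth_data):
        known = self.store.get(user)
        ok = known is not None and hmac.compare_digest(known, _digest(auth_data))
        return self.accept_all or ok

class Machine:
    def __init__(self, authenticators, user_trust=None):
        self.authenticators = authenticators  # registered name -> Authenticator
        self.user_trust = user_trust or {}    # (name, user) -> trust level

    def build_request(self, name, user, auth_data, secure):
        """Authenticate locally, then attach the auth data to the request."""
        auth = self.authenticators[name]
        if not auth.authenticate(user, auth_data):
            raise PermissionError("local authentication failed")
        send = secure or not auth.require_secure  # secure-only data is withheld
        return {"authenticator": name, "user": user, "auth_data": auth_data if send else None}

    def trust_for(self, req):
        """Receiving side: re-authenticate with this machine's own authenticator."""
        auth, data = self.authenticators.get(req["authenticator"]), req["auth_data"]
        if auth is None or data is None or not auth.authenticate(req["user"], data):
            return FALLBACK_TRUST
        return self.user_trust.get((req["authenticator"], req["user"]), FALLBACK_TRUST)

def demo():
    real = {"admin": "constructed-password"}
    server = Machine({"CorpAuth": Authenticator(real, True)}, {("CorpAuth", "admin"): 5})
    desktop = Machine({"CorpAuth": Authenticator({}, accept_all=True)})
    honest = Machine({"CorpAuth": Authenticator(real, True)})
    forged = desktop.build_request("CorpAuth", "admin", "anything", secure=True)
    valid = honest.build_request("CorpAuth", "admin", "constructed-password", secure=True)
    plain = honest.build_request("CorpAuth", "admin", "constructed-password", secure=False)
    return server.trust_for(forged), server.trust_for(valid), server.trust_for(plain)
```

In this model `demo()` returns the server's trust decision for three requests: one from a desktop whose same-named authenticator accepts anything, one with valid credentials over a secure connection, and one with valid credentials over a non-secure connection.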