Background:
The code donated for Trafodion includes some basic support using OpenLDAP to authentication users. As we go forward in Trafodion, we need to support more authentication solutions such as Kerberos. This email asks for feedback from the users group for possible solutions for a plug-n-play solution. It was prompted from a conversation on a related topic from Pierre regarding the JIRA TRAFODION-2059. Discuss: One idea is to support a central authentication infrastructure to replace out current LDAP solution. Any consumer that requires authentication would call a set of generalized APIs. Behind these API's would be the actual authentication solutions. There would be API's in the client that would generate and send information to the server such as encrypted passwords or single sign-on details. There would be API's in the server to interpret this information. When new authentication solutions are required, the new solution would be plugged into the authentication infrastructure with minimal changes to the consumers. Are there any authentication solutions that exist today that we could use for our authentication code? For example, the product Apache Shiro provides a Java security framework that performs authentication, among other things, using generic API's that can be extended for different authentication solutions. Other suggestions for providing a distribution free solution to manage authentication? Regards, Roberta
