Hi, The only alternative I see here is for the client to use the encrypted password as the password instead of the plain unix password.
Sanjesh -----Original Message----- From: Don Tam [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:43 AM To: [email protected] Subject: Explanation of authentication Hi, I couldn't gather any information on the WSS4J site, so I was wondering if someone could explain to me how the authentication is done. The way I understand it is: 1. Client requests a webservice 2. Server asks for authentication 3. Client grabs the password using a CallbackHandler and sets it on the callback 4. Server receives the usertoken, grabs the password it expects, and sets it on a seperate callback 5. Something somewhere compares the passwords on these two callbacks? A problem I am having is that the server authenticates against the Linux system's user's password, so I use getpwnam() to get the crypted password, and set it on the callback on the server side. How do I crypt it the same way on the client side? Don't I need the crypted password from the server side as the salt? Thanks, -- Don Tam Manager, Software Development (416)493-6111x143 [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
