Hi,
That's what I figured too, so in my client CallbackHandler, I need to
have something that will crypt the plain text the same way that the Unix
password system does it. I was wondering if anyone knew how.
Thanks,
Sanjesh Pathak wrote:
Hi,
The only alternative I see here is for the client to use the encrypted
password as the password instead of the plain unix password.
Sanjesh
-----Original Message-----
From: Don Tam [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 8:43 AM
To: [email protected]
Subject: Explanation of authentication
Hi,
I couldn't gather any information on the WSS4J site, so I was wondering
if someone could explain to me how the authentication is done. The way
I understand it is:
1. Client requests a webservice
2. Server asks for authentication
3. Client grabs the password using a CallbackHandler and sets it on the
callback
4. Server receives the usertoken, grabs the password it expects, and
sets it on a seperate callback
5. Something somewhere compares the passwords on these two callbacks?
A problem I am having is that the server authenticates against the Linux
system's user's password, so I use getpwnam() to get the crypted
password, and set it on the callback on the server side. How do I crypt
it the same way on the client side? Don't I need the crypted password
from the server side as the salt?
Thanks,
--
Don Tam
Manager, Software Development
(416)493-6111x143
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
