| Re: [stellation-res] why doesn't stellationd require a "password" argument? |
On Mon, Jul 22, 2002 at 03:41:52AM -0400, Jason Rimmer wrote: > JAAS is nasty and complicated to integrate. Perhaps a simple > authentication/authorization framework such as the one implemented in > Jakarta's Turbine would be a decent start? It's not tightly coupled > with Turbine (nor a web interface) and has a relational backend. Once > that's working you could switcheroo it's implementation with the JAAS > backend. > You would certainly have a decent user authentication/authorization > framework up quickly. I have looked over JAAS this weekend. The authentication part is trivial to use. It is also trivial to write a plugin for JAAS to authenticate against the "users" table that is now used. I will post the LoginModule code today or tomorrow. I have also looked (rather superficially) on the authentication mechanism in Stellation. The "challenge" reminds me of Kerberos for some reason: you authenticate with Kerberos and then get tickets that you send around the network to prove you did. JAAS already has an implementation for Kerberos. The authorization is more complicated, but Stellation needs a robust ACL mechanism. Rather than reinvent the wheel, let's borrow this one from SUN. If it doesn't work in the long run, we can replace it, but I think the ACL work just takes time away from the more interesting developments. Cheers, florin -- "If it's not broken, let's fix it till it is." 41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4
Attachment:
pgpSmlaBRlH18.pgp
Description: PGP signature