Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [stellation-res] why doesn't stellationd require a "password" argument? 
On Monday 22 July 2002 09:32, Florin Iucha wrote:
> On Mon, Jul 22, 2002 at 09:19:41AM -0400, Mark C. Chu-Carroll wrote:
> > We already have a pretty decent authentication framework. I'd be
> > willing to support changes to the auth layer if they had a real
> > benefit. But I'm not willing to switch just for the sake of switching.
> >
> > Our current authentication system supports pluggable authentication
> > modules, challenge authentications, etc. It's really pretty decent.
> >
> > The main weakness of it, at the moment, is that we're not doing anything
> > clever to protect user passwords in the database - so protecting the
> > security of the database becomes important, and we're not doing a
> > great job of that yet. But that's not a huge deal to fix: the database
> > should be run in a protected mode, so that you need a password
> > to establish a database connection; the the password storage
> > should be changed to not use plaintext; and the encryption key
> > to decode the stored passwords should only be accessible
> > using an administators key. None of these are hard to do.
> >
> > Switching to JAAS might make sense, because it's a standard
> > mechanism.
>
> The benefits being that there might be more people understanding it
> and we get somebody else to review and maintain it for free. 

I agree here. I was arguing for the need for justification for using
a non-standard auth mechanism other that what we already have.
With JAAS a standard part of JDK 1.4, I think switching to
something other than that is a mistake *unless* significant
benefits can be had.

> >            If it could be done without adding a huge amount
> > of complexity to the system, I'd like to see it happen.
>
> As I see it now it will remove more code than it adds.

Hurrah! There's nothing more beautiful than removing code in
order to reach a better solution! (I'm not joking here. That's been
one of our general rules building Stellation. Small is good!)

> For a small setup, sending passwords around is OK. If they want more
> security than that, they can set up kerberos and use its ticket-granting
> capabilities.

Ideally, I'd like to be able to do a challenge auth without having
to install kerberos. I'm just downloading and printing JAAS docs now:
how hard would it be to add a challenge auth module to JAAS?

	-Mark

-- 
Mark Craig Chu-Carroll,  IBM T.J. Watson Research Center  
*** The Stellation project: Advanced SCM for Collaboration
***		http://www.eclipse.org/stellation
*** Work Email: mcc@xxxxxxxxxxxxxx  ------- Personal Email: markcc@xxxxxxxxxxx

Back to the top