Re: [stellation-res] why doesn't stellationd require a "password" argume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [stellation-res] why doesn't stellationd require a "password" argument?

From: florin@xxxxxxxxx (Florin Iucha)
Date: Mon, 22 Jul 2002 09:54:36 -0500
Delivered-to: stellation-res@xxxxxxxxxxxxxxx
List-archive: <http://dev.eclipse.org/pipermail/stellation-res/>
List-help: <mailto:stellation-res-request@dev.eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=unsubscribe>
User-agent: Mutt/1.3.28i

On Mon, Jul 22, 2002 at 10:24:25AM -0400, Mark C. Chu-Carroll wrote:
> > For a small setup, sending passwords around is OK. If they want more
> > security than that, they can set up kerberos and use its ticket-granting
> > capabilities.
> 
> Ideally, I'd like to be able to do a challenge auth without having
> to install kerberos. I'm just downloading and printing JAAS docs now:
> how hard would it be to add a challenge auth module to JAAS?

If by "challenge auth" mechanism you mean "disposable passwords" then it
would not be hard at all.

Do you have the "challenge auth" documented somewhere? I assume it is
something like this:
   - user accesses resource
   - system prompts for password or disposable password
   - user enters password
   - system validates password
   - if password bad, make loud buzz. stop
   - system generates disposable password and hands back to the user
   - user accesses resource
   - system asks for password or disposable password
   - user provides disposable password
   - system grants access to resource

Am I close?

florin

-- 

"If it's not broken, let's fix it till it is."

41A9 2BDE 8E11 F1C5 87A6  03EE 34B3 E075 3B90 DFE4

Attachment: pgpmuz8NvJIhF.pgp
Description: PGP signature

Follow-Ups:
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Mark C. Chu-Carroll

References:
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Ringo De Smet
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Mark C. Chu-Carroll
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Mark C. Chu-Carroll

Prev by Date: Re: [stellation-res] checkin core revision main@@7, misc workspace changes
Next by Date: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Previous by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Next by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Index(es):
- Date
- Thread

Breadcrumbs