[jboss-as7-dev] How hard would it be to support key based auth by default to make life simpler and more secure ?

[Anil Saldhana]

Max,
   as Jason pointed out.  The challenges are the setup required.

If each of the elements you mention (mvn deploy plugin, cli, arquilian 
etc) support PKI, then we can do that.

I am unsure that our users would want the added pain of setting up PKI.

Regards,
Anil

On 11/13/2011 12:49 PM, Max Rydahl Andersen wrote:
> Hi,
>
> Been thinking about the new username/password requirements.
>
> These will make all examples that uses maven deploy plugin, cli scripts, arquillian, jboss tools etc. to somehow
> either tell users to type in their username and full password in clear text in pom.xml and other files.
>
> Which sounds worse to me than a default locked down to only localhost…but I'm not a security expert :)
>
> I was wondering how hard it would be to make the authentication support key based auth by default and we make
> the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some other name) for the public/private keys ?
>
> Then the tooling (cli, IDE plugins etc.) could create these by default and examples could use ${user.name} and ${user.home}/.jboss/default.pub as
> the preconfigured parameters.
>
> The examples would run out of the box and it would be limited to work from the machine that actually got the right key ( simpler and more secure)
> vs to the current AS7.1 master solution where examples won't run out of the box and when configured will run from anywhere - i.e. harder and less secure)
>
> WDYT ?
>
> /max
> http://about.me/maxandersen
>