[jboss-as7-dev] How hard would it be to support key based auth by default to make life simpler and more secure ?

Max Rydahl Andersen max.andersen at redhat.com
Mon Nov 14 06:40:39 EST 2011


>>> 
>>> These will make all examples that use maven deploy plugin, cli scripts, arquillian, jboss tools etc. to somehow
>>> either tell users to type in their username and full password in clear text in pom.xml and other files.
>>> 
>>> Which sounds worse to me than a default locked down to only localhost…but I'm not a security expert :)
>>> 
>>> I was wondering how hard it would be to make the authentication support key based auth by default and we make
>>> the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some other name) for the public/private keys ?
>> 
>> You would need a key-based SASL authentication mechanism.  There are no 
>> standard ones as of right now.  If you know of a key-based SASL 
>> mechanism that you think we should support, let me know and we'll 
>> evaluate it.
> 
> We would have to do noauth + SSL + trust. I think it's an option worth considering. The big problem though is that we have to have a setup process to generate the certs, which is greater complexity than the user/pass option. We would have to generate a host key pair and a client key pair. 


I'm not an expert on these things at all, but Eclipse uses http://www.jcraft.com/jsch/ to manage and create SSH keys and uses the standard .ssh locations, etc.

Is something additional needed ?

/max
http://about.me/maxandersen
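The "noauth + SSL + trust" option quoted above, as an added example that is not part of this thread or of AS7: a Go program (used instead of Java only because its standard library keeps the whole exchange short) that generates a host key pair and a client key pair, pins each side to the other's self-signed certificate, and then shows a connection from a key the host was never told about being refused. The names newKeyPair, serverConfig, clientConfig, connect and the identities jboss-host, max and mallory are invented for the example, and the keys are generated at run time rather than read from ${user.home}/.jboss.

```go
package main

// Added example, not JBoss AS7 code: "noauth + SSL + trust" as mutual TLS over generated host and client key pairs.
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// newKeyPair makes a P-256 key and a self-signed certificate for it; usage is
// x509.ExtKeyUsageServerAuth for the host, ClientAuth for a user. A real install
// would write the pair under ~/.jboss with the private half mode 0600.
func newKeyPair(cn string, usage x509.ExtKeyUsage) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // nil on failure, which CreateCertificate rejects
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
		DNSNames:     []string{"localhost"}, // what the client checks on the host cert
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // re-parse the DER just produced
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// serverConfig presents the host key and insists on a client certificate matching
// the trusted one: that pool is the "trust" in "noauth + SSL + trust".
func serverConfig(host tls.Certificate, trusted *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &tls.Config{Certificates: []tls.Certificate{host}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
}

// clientConfig pins the host certificate directly (no CA involved) and offers
// whatever client certificates it is given, possibly none.
func clientConfig(host *x509.Certificate, certs ...tls.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(host)
	return &tls.Config{Certificates: certs, RootCAs: pool, ServerName: "localhost"}
}

// connect runs one exchange over loopback and returns the server's greeting. Under TLS 1.3
// the client handshake can end before the server judges its cert, so read to EOF to see a refusal.
func connect(serverCfg, clientCfg *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	done := make(chan struct{})
	go func() {
		defer close(done)
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		s := tls.Server(raw, serverCfg)
		defer s.Close()
		if err := s.Handshake(); err == nil { // on failure the alert sent here is what the client sees
			_, _ = s.Write([]byte("hello " + s.ConnectionState().PeerCertificates[0].Subject.CommonName))
		}
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", err // deferred ln.Close unblocks the Accept above
	}
	defer c.Close()
	data, err := io.ReadAll(c)
	<-done
	if err != nil {
		return "", err
	}
	return string(data), nil
}

func main() {
	host, _ := newKeyPair("jboss-host", x509.ExtKeyUsageServerAuth)
	max, _ := newKeyPair("max", x509.ExtKeyUsageClientAuth)
	mallory, _ := newKeyPair("mallory", x509.ExtKeyUsageClientAuth)
	fmt.Println(connect(serverConfig(host, max.Leaf), clientConfig(host.Leaf, max)))     // hello max <nil>
	fmt.Println(connect(serverConfig(host, max.Leaf), clientConfig(host.Leaf, mallory))) // key the host was not told about: refused
}
```

Run it with `go run`. The setup cost the reply mentions is visible in serverConfig and clientConfig: each side must already hold the other's public half before the first connection, which is exactly the step a default install would have to automate. Two details worth keeping when porting this to a real client: the client pins the host certificate itself rather than trusting a CA, so a different host key is refused even if it carries the same name, and under TLS 1.3 a client that only checks the handshake result will miss a refusal, because the server decides about the client certificate after the client's handshake has already returned; the example reads to EOF so the refusal surfaces as the error.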
