[jboss-dev-forums] [Design of Security on JBoss] - Re: SASL Authentication
acoliver@jboss.org
do-not-reply at jboss.com
Thu Mar 15 15:47:09 EDT 2007
Scott, this is similar to what we have here (http://www.jboss.com/index.html?module=bb&op=viewtopic&t=69569&start=10) in UserRolesLoginModule (which allowed you to check the incoming PWD against MD5HEX[PWD+SharedSecret]). This is sorta the reverse since the password is used to hash the secret. If you look here: http://www.faqs.org/rfcs/rfc2222.html at their IMAP example. Supposing that a JBoss login module provides the user/password then w/o exposing user/password up the stack, this allows you to use the login module to authenticate w/sasl using any of the existing JBoss login modules. Allowing JBoss to authenticate to LDAP w/sasl is an orthogonal concern (probably more suited to later extension of what is presently the LdapExtLoginModule thingy). Does that make sense?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4028516#4028516