Java和系统用户身份验证
[英]Java and system user authentication
问题描述
I'm in the process of writing a server application that mainly allows people to submit jobs to a DRM system (eg TORQUE) over RMI. 
我正在编写一个服务器应用程序,该程序主要允许人们通过RMI将作业提交到DRM系统(例如TORQUE)。 The application needs to run as root so that it can submit proxy jobs (where a job is run as a user other than the user who submits it), however this obviously isn't secure - the user name is simply a string parameter in the RMI. 该应用程序需要以root用户身份运行,以便可以提交代理作业(其中,以提交用户以外的其他用户身份运行作业),但这显然是不安全的-用户名只是RMI。 Anyone could pass any user name in and have a job run as that user. 任何人都可以传入任何用户名并以该用户身份运行作业。
What's the best way to get Java to authenticate this user name against authorised users of the system (with the aid of a password that would also be passed in)? 使Java针对系统的授权用户对用户名进行身份验证的最佳方法是什么(借助于还将传递的密码)? I've had a look at JAAS and Apache Shiro, but they seem to be all about creating your own authentication methods. 我看过JAAS和Apache Shiro,但它们似乎都是关于创建自己的身份验证方法的。 I want to use the system's existing authentication methods (Unix-like system), whatever they happen to be. 我想使用系统现有的身份验证方法 (类似Unix的系统),无论它们是什么。 Essentially if the user can SSH in, they're all right. 本质上,如果用户可以使用SSH进行登录,那就可以了。
1 个解决方案
解决方案1
1 已采纳 2010-09-03 13:29:06
If your backend uses LDAP (which is possible if you have to manage a relatively large number of users for which a local /etc/passwd might be tedious), you can use JAAS and the existing LdapLoginModule . 如果您的后端使用LDAP(如果您必须管理相对大量的本地/etc/passwd可能很乏味的用户,则可以这样做),则可以使用JAAS和现有的LdapLoginModule 。
If you want to authenticate against you local system (assuming Linux server) without this, it looks like JAAS-PAM might be able to help, although I've never tried it. 如果不这样做就想对本地系统(假设Linux服务器)进行身份验证,尽管我从未尝试过,但是JAAS-PAM似乎可以提供帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.