简体繁体 English

如何增加半径到jboss ldap认证？

[英]How to add radius to jboss ldap authentication?

原文 2010-09-30 09:17:39 8 1 java/ jboss/ ldap/ jaas/ radius

This is a long shot but I thought it was worth a try. 这是一个长镜头，但我认为值得尝试。

We have designed a java servlet running on jboss and authenticating using ldap (edit: via JAAS). 我们设计了一个Java Servlet，它运行在jboss上并使用ldap进行身份验证（编辑：通过JAAS）。 Now the customer wants to change to radius authentication for some of the users who uses one-time generated passwords. 现在，客户希望对使用一次性生成的密码的某些用户更改为半径身份验证。 but still only have the two login fields; 但仍然只有两个登录字段； username and password. 用户名和密码。 Since we still need user information from ldap, is this possible without sacrificing security? 由于我们仍然需要来自ldap的用户信息，是否可以在不牺牲安全性的情况下实现？ I still need to authenticate in ldap to get the user context. 我仍然需要在ldap中进行身份验证才能获取用户上下文。 but getting no password I don't see how. 但没有密码，我看不到。 Can I make ldap contact radius for some of the users? 我可以为某些用户设置ldap接触半径吗？ Maybe I should just say no and make them accept three fields and an additional check against radius after logging into ldap. 也许我应该说不，让他们登录ldap后接受三个字段和一个额外的半径检查。

1 个解决方案

If you are using JAAS then it is only a matter of stacking the right LoginModules and configuring them. 如果您使用的是JAAS，则只需堆叠正确的LoginModules并对其进行配置。 http://www.ibm.com/developerworks/offers/lp/demos/summary/jaas.html?S_TACT=105AGX30&S_CMP=DEVXODD In short words JAAS and the other authentication frameworks I am aware of (Acegi/Spring Security eg) offer a way to configure a single set of credentials (username/password pair, single-sign-on token, etc) to be passed through several authentication modules with the final decision being very flexible. http://www.ibm.com/developerworks/offers/lp/demos/summary/jaas.html?S_TACT=105AGX30&S_CMP=DEVXODD简而言之，JAAS和我知道的其他认证框架（例如Acegi / Spring Security）提供一种配置一组凭据（用户名/密码对，单点登录令牌等）以通过多个身份验证模块传递的方式，最终决定非常灵活。 Moreover with these frameworks, you can get user data being loaded from one user-data repository after authentication by another. 此外，使用这些框架，您可以在另一个用户身份验证之后从一个用户数据存储库中加载用户数据。