Jaas Login Module for Windows & Linux
Question
Can somebody work on jaas login modules. I was going through docs & my understanding is there is ntlogin module, unix login module comes with sun-jdk.
I want to is these login module can 1. Authenticate with OS users 2. Provide groups of that user.
basically I want to authenticate with os. Input is username, password & group name. I want to know if username, password combination is right & user belong to that group.
I want to authenticate with windows & popular linux distros such as RHEL, Suse, CentOS.
I dont want to do LDAP authentication only os authentication.
For windows, there is waffle library available. But I am not able to authenticate when using 64bit machine. On 32bit it runs fine.
For linux, there is jpam, but it doesn't give group. It will just check username, password combinateion.
2 answers
solution1
0 2012-04-15 09:34:10
As far as I remember JAAS is about Java code and vm related authorization: is current running code authorized to do something?
I think it's easier to use some os native wrapping scripts to authenticate user and then just extract user info in your Java code.
solution2
0 2017-07-17 12:26:34
I was looking for the same thing. So far I've found that the Unix "login module" actually doesn't do any authentication; it creates Principals for the process' owner's user and group, and adds them to the Subject. This makes it fairly useless for, say, authenticating webapp sessions.
You are going to need native code to authenticate OS credentials, but it should be possible to hook that into JAAS. It makes sense to make that native code into a small and simple external helper program (like one of the many 'checkpasswd' programs that come with similar frameworks to solve the same problem) because it will need elevated privileges to gain access to the stored keys.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.