2 Replies Latest reply on Mar 19, 2002 9:36 PM by rgjawanda

    Authentication against Windows NT and Solaris/Unix

    irenekam

      Hello all,

      My application needs to authenticate a given user id and
      password against the underlying operating system, so I
      need to authenticate against either Unix or Windows NT.
      I have tried the NTLoginModule and UnixLoginModule in
      Sun's com.sun.security.auth.module package, but these
      modules DO NOT accept user ids and password. They ONLY
      return you the principal/subject for the currently
      logged in user, so there's no way for these modules to
      accept some other user id and password to do
      authentication.

      I would like to know if there's any other way to do
      NT and Unix authentication, given some user id and passwd.
      Some suggestions I have seen are to try to use JNI to
      invoke some native Windows functions to do authentication.
      I would really like to avoid that if possible.

      Another question is: is it possible to use JNDI somehow
      to authenticate against Windows and Unix? (We are not using
      NIS on Unix, but just the normal /etc/passwd file.) Are
      there some classes provided by JBoss to do
      authentication against NT and Unix?

      Thanks in advance for any help!

        • 1. Re: Authentication against Windows NT and Solaris/Unix
          irenekam

          Hi everybody,

          I would like to augment my previous post with this
          question: It seems like WebLogic has something called an
          NTRealm to handle user authentication with NT domains.
          Does JBoss have something similar for this purpose?

          Thanks in advance.

          • 2. Re: Authentication against Windows NT and Solaris/Unix
            rgjawanda

            I am struggling with this situation as well. I am implementing JBOSS and TOMCAT in a WINDOWS/UNIX env.
            Here is what I have done so far.
            If you use IIS4/5 and have an ISAPI filter installed to redirect to Tomcat, you turn on NT authentication on the website (under IIS admin).
            You can then extract (in a servlet) the LOGON_USER.
            This is my first step at getting who the person actually is.

            i.e., in my case this returns DOMAIN\myusername
            So... anyone going to the corporate web site doesn't have to log in, and my code knows who they are coming into the website as.

            I then pass this along to my EJB for database access.

            Does this help at all?
            What it did for me was to remove the need to put up a login page.
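
Added example, not part of the thread or of JBoss/Tomcat: one way to check the `DOMAIN\myusername` value described in reply 2 before handing it to an EJB for database access. It assumes Tomcat is reachable only through the IIS redirector (otherwise the value can be supplied by any client), that the string was obtained in the servlet (for example from `request.getRemoteUser()`), and that `CORP` is the one accepted domain; the class name, the domain and the length limits are constructed for illustration.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LogonUser {
    // Assumption: domains this application accepts. CORP is a constructed name.
    private static final Set<String> TRUSTED_DOMAINS = Set.of("CORP");

    // DOMAIN\\username with a conservative character set and length limits
    // (assumed: 15 for the domain part, 20 for the account name).
    private static final Pattern FORMAT = Pattern.compile(
        "^([A-Za-z0-9][A-Za-z0-9.-]{0,14})\\\\([A-Za-z0-9._$-]{1,20})$");

    final String domain;
    final String user;

    private LogonUser(String domain, String user) {
        this.domain = domain;
        this.user = user;
    }

    /** Returns the parsed identity, or null when the value must not be used. */
    static LogonUser parse(String raw) {
        if (raw == null) {
            return null; // no authenticated user was passed along by IIS
        }
        Matcher m = FORMAT.matcher(raw);
        if (!m.matches()) {
            return null; // missing domain, empty parts, or unexpected characters
        }
        // NT domain and account names are case-insensitive: normalise before comparing.
        String domain = m.group(1).toUpperCase(Locale.ROOT);
        if (!TRUSTED_DOMAINS.contains(domain)) {
            return null; // authenticated, but not by a domain this application trusts
        }
        return new LogonUser(domain, m.group(2).toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real system.
        String[] samples = {
            "CORP\\myusername", "corp\\MyUserName", "myusername",
            "OTHER\\admin", "CORP\\user name", "CORP\\", null
        };
        for (String s : samples) {
            LogonUser u = parse(s);
            System.out.println(s + " -> " + (u == null ? "rejected" : u.domain + "\\" + u.user));
        }
    }
}
```

Only the first two samples are accepted, both normalised to `CORP\myusername`; the EJB should receive the normalised `domain` and `user` fields rather than the raw string.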