1 Reply Latest reply on May 27, 2003 9:46 AM by halset

Posts: 12 Registered: Nov, 2002 JAAS LoginModule val

halset May 25, 2003 2:41 PM

Out passwords (RSA SecurID tokens) are changing every minute.

Even without a session-timeout it looks like the loginmodule are asked for password verification every 15 minute for the same (servlet)session. Obviously the password are not correct any more.

Is it possible to configure the jboss+tomcat so that the loginmodule's verifyPassword are asked at the start of a session, but not every 15 minute?

- Tore.

1. Re: JAAS LoginModule validatePassword each 15minute

halset May 27, 2003 9:46 AM (in response to halset)

I have created a subclass of FormAuthenticator that appends the sessionid to the password before it is stored in the session. My RSALoginModule splits the password and sessionid and store a hash of it in a persistant store.

It is a bit ugly, but it works :)
Actions