1 Reply Latest reply on Nov 1, 2003 10:28 AM by juha

    Authentication and ClientLoginModule Question

    yangyuexiang

      Hello, guys

      Considering the ClientLoginModule is the only supported mechanism for a client to establish the current thread's caller, both standalone client applications and server environments, acting as JBoss EJB clients where the security environment has not been configured to use JBossSX transparently, need to use the ClientLoginModule.

      Question:

      Is a username/password pair enough to cover all the authentication mechanisms? (In some cases, it is not obvious how to use a username and password.)

      E.g., in Jabber's JEP-0078 (about Jabber authentication), the working procedure is:

      (1) The client asks the server for a sessionID (String).
      (2) The client hashes the String (UserID+SessionID) by its own password and sends this hash to the server.
      (3) The server then verifies whether the user is a good citizen.

      In this case, how can the ClientLoginModule be used to pass the username and password to the server, with DatabaseServerLoginModule used to authenticate it?


      Regards
      yang
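
The three-step exchange from the question, as an added example that is not part of the original post and is not JBoss code: plain-JDK Java, with the digest taken as lowercase hex SHA-1 over the session ID followed by the password (the digest form JEP-0078 defines). The class name, user store and sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;

public class DigestAuthDemo {
    // Constructed sample store: the server must hold the cleartext password to recompute the digest.
    static final Map<String, String> USERS = Map.of("yang", "s3cret-sample");

    // Step 1: the server issues an unpredictable session ID.
    static String newSessionId() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return hex(b);
    }

    // Step 2: the client computes lowercase hex of SHA-1(sessionId + password).
    static String digest(String sessionId, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        return hex(sha1.digest((sessionId + password).getBytes(StandardCharsets.UTF_8)));
    }

    // Step 3: the server recomputes the digest and compares in constant time.
    static boolean verify(String user, String sessionId, String clientDigest) throws Exception {
        String stored = USERS.get(user);
        if (stored == null) return false;
        byte[] expected = digest(sessionId, stored).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, clientDigest.getBytes(StandardCharsets.US_ASCII));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte x : bytes) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String sid = newSessionId();
        String sent = digest(sid, "s3cret-sample"); // the only credential that crosses the wire
        System.out.println("valid digest:   " + verify("yang", sid, sent));
        System.out.println("wrong password: " + verify("yang", sid, digest(sid, "guess")));
        // A digest captured in one session must not verify against a new session ID.
        System.out.println("replayed digest: " + verify("yang", newSessionId(), sent));
    }
}
```

The value on the wire is the digest, not the password, so the server side has to recompute the digest from the stored cleartext password and the session ID it issued rather than compare the received credential with the stored password directly.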