Hi.

I am just trying figure out if it is possible to authenticate in JBoss using a random challenge.
According to "8.4.1. How the JaasSecurityManager Uses JAAS" (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html#d0e18089) JAAS only allows to pass the login credentials from client to the server.
I want to use a more dynamic login procedure:

The "password" is not is a signed hash of some random data, received previously from the server. By knowing the client's public key if the server can verify the clients identity.

Is this generally possible with JAAS or the JBoss authentication concept?

Jan