1. Re: 'sufficient' loginmodules combined with ClientLoginModul
ragavgomatam May 16, 2008 9:16 PM (in response to pieter.kuijpers)
There are 4 JAAS flags.
(a) Sufficient - If this succeeds, no other module down the chain is invoked. Login succeeds.
(b) Required - This must succeed for overall authentication to succeed. If it fails, control is passed to other modules in the chain.
(c) Requisite - This must succeed. If it fails, control is not passed down the chain.
(d) Optional - Well, can pass/fail.
Try as follows :-
LdapModule1==>required
LdapModule2==>required
ClientModule==>Optional
2. Re: 'sufficient' loginmodules combined with ClientLoginModul
pieter.kuijpers May 19, 2008 11:06 AM (in response to pieter.kuijpers)
Thanks for the reply. However, that configuration doesn't do what I want:
In this situation:
LdapModule1 (required)=>pass
LdapModule2 (required)=>fail
ClientModule (optional)=>pass
I want the authentication process to pass. But as LdapModule2 is required, the overall result is fail.
Also, I want:
LdapModule1=>fail
LdapModule2=>fail
ClientModule=>pass
Overall=====>fail
As far as I understand, there is no configuration that could do that. The problem is the ClientModule that always passes, even though it doesn't do any real authentication. I think it would be more sensible if ClientModule always returned 'fail', then we could flag it as 'optional'.
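
Added example, not part of either post and not JBoss or JAAS code: a small Python model of the standard JAAS control-flag rules that tries all 64 flag assignments for the three modules, in the order used in the thread, with ClientModule always passing. The requirement that ClientModule must actually be invoked on every successful login is an assumption taken from the thread title; the function names are hypothetical.

```python
from itertools import product

FLAGS = ("required", "requisite", "sufficient", "optional")
ORDER = ("LdapModule1", "LdapModule2", "ClientModule")  # order used in the thread

def evaluate(chain, outcomes):
    """Apply JAAS control-flag rules; return (overall_ok, modules_invoked)."""
    mandatory = any(f in ("required", "requisite") for _, f in chain)
    required_failed = any_ok = False
    invoked = []
    for name, flag in chain:
        invoked.append(name)
        if outcomes[name]:
            any_ok = True
            # A sufficient success ends the chain unless a required module failed earlier.
            if flag == "sufficient" and not required_failed:
                return True, invoked
        elif flag == "requisite":
            return False, invoked          # fail immediately, skip the rest
        elif flag == "required":
            required_failed = True         # overall failure, but keep going
    if required_failed:
        return False, invoked
    # With no required/requisite modules, at least one module must have succeeded.
    return (True if mandatory else any_ok), invoked

def search(need_client_invoked):
    """Flag assignments where login passes if and only if an LDAP module passes."""
    hits = []
    for flags in product(FLAGS, repeat=3):
        chain = list(zip(ORDER, flags))
        good = True
        for l1, l2 in product((True, False), repeat=2):
            # Assumption from the thread: ClientModule always passes.
            results = {"LdapModule1": l1, "LdapModule2": l2, "ClientModule": True}
            ok, invoked = evaluate(chain, results)
            if ok != (l1 or l2):
                good = False
            if need_client_invoked and ok and "ClientModule" not in invoked:
                good = False
        if good:
            hits.append(flags)
    return hits

if __name__ == "__main__":
    print("outcome table only:", search(False))
    print("and ClientModule runs on every successful login:", search(True))
```

In this model every assignment that produces the wanted pass/fail table marks LdapModule1 as sufficient, so ClientModule is skipped whenever LdapModule1 passes; none of the 64 assignments also gets ClientModule invoked on every successful login.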