1 2 Previous Next 16 Replies Latest reply on Jun 11, 2007 6:47 AM by anil.saldhana Go to original post
      • 15. Re: SASL Authentication
        mikezzz May 23, 2007 10:44 AM (in response to mikezzz)

        There are 2 issues that I can see implementing it in this manner.

        1. SASL doesn't use a standard set of credentials, it uses a challenge/response mechanism. So I guess that the credential Object would have to be some kind of interface allowing a callback. Not impossible, but requires a messy cast, and how this interacts with a JAAS LoginContext/CallbackHandler is not clear to me.

        2. The Java SASL implementation requires that you pass the user's expected password into the SASL engine during the authentication process. This means I need to call the protected getUsersPassword() method from the UsernamePasswordLoginModule. The only way to access this method (in a non-evil manner) is to make the functionality part of that class hierarchy.

        Mike.

          • Actions
        • 16. Re: SASL Authentication
          anil.saldhana
          anil.saldhana Jun 11, 2007 6:47 AM (in response to mikezzz)

          I brought this issue up with Scott during our last discussion and he concurred with my assessment of SASL doing JAAS and not the other way.

            • Actions
          1 2 Previous Next