2 Replies Latest reply on Jul 16, 2003 5:51 PM by mcorey

    Linux JAAS LoginModule

    mcorey
    mcorey Jul 10, 2003 11:46 PM

      Is there a LoginModule available that authenticates web users against the Linux system users? I'd like to use something like this to protect some internal web applications to users who already have certain permissions on the machine.

      m

      • 3737 Views
      • Tags:
        • 1. Re: Linux JAAS LoginModule
          dlindsay42
          dlindsay42 Jul 15, 2003 3:38 PM (in response to mcorey)

          I'm not for sure if this is what you want, but I ran across these various login modules the other day...
          http://www.cs.umb.edu/~bill/java/jdk1.4/src/com/sun/security/auth/module/
          if nothing else, the unixloginmodule.java should be a good starting point.

          david

            • Actions
          • 2. Re: Linux JAAS LoginModule
            mcorey
            mcorey Jul 16, 2003 5:51 PM (in response to mcorey)

            Originally I thought those would do the trick, but it turns out that it's only useful for client-side apps... it will attempt to log you in with the 'current user', which means whatever user is configured to run JBoss on the server... not a very good way to secure a website, unfortunately...

            I did find a package called ShadowJAAS (http://www.bablokb.de/jaas/), which reads the Linux shadow passwords, and works for server-side apps... I can't get it to work unless I run JBoss or Tomcat as the 'root' user, though, which I'm not about to do... It actually has a bit of native code to do the reading, to take care of exactly the problem that I'm having with it, but it doesn't seem to work (even running it's test manually)... Does anyone have any experience with this?

            m

              • Actions