1 Reply Latest reply on Nov 1, 2003 10:28 AM by Juha Lindfors

    Authentication and ClientLoginModule Question

    hat Newbie

      Hello, guys

      Considering the ClientLoginModule is the only supported mechanism for a client to establish the current thread's caller, both standalone client applicatins and server enviroments, acting as JBoss EJB clients where the security enviroment has not been configured to use JBossSX transparently, need to use the ClientLoginModule.

      Question:

      Is username/password pair enough to cover all the authentication mechanisms? (In some cases, it is not obvious to use username and password.)

      E.g., In Jabber's JEP-0078 (about the jabber authentication), the working procedure is:

      (1) client ask the server to get an sessionID (String).
      (2) Client hash the String (UserID+SessionID) by its own password and send this hash to the server
      (3) the server then verify whether the user is a good citizen.

      Under this case, how to use the ClientLoginModule to pass the username and password to the server and use DatabaseServerLoginModule to authenticate it?


      Regards
      yang