3 Replies Latest reply on Dec 14, 2004 11:17 AM by starksm64

    useFirstPass option

      From Sun's JAAS FAQ, http://java.sun.com/security/jaas/faq.html:

      Q: What are the standard LoginModule-specific options I can use?
      A: We haven't published a standard list, but here is a list of options commonly used. Note that the following is simply a guideline. Modules are free to support a subset (or none) of the following options.

      tryFirstPass=true - The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. If authentication fails, the LoginModules prompt for a new password and retry the authentication.
      useFirstPass=true - The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. LoginModules do not prompt for a new password if authentication fails (authentication simply fails).



      However, it seems the JBoss LoginModule implementations interpret useFirstPass as 'Do not authenticate again'. Am I missing something?

      Thanks

        • 1. Re: useFirstPass option

          We use useFirstPass as described for tryFirstPass=true.


          The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. If authentication fails, the LoginModules prompt for a new password and retry the authentication.

          You have to love no standards.


          • 2. Re: useFirstPass option
            starksm64

            We use useFirstPass as described for tryFirstPass=true.


            The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. If authentication fails, the LoginModules prompt for a new password and retry the authentication.

            You have to love no standards.


            • 3. Re: useFirstPass option
              starksm64

              Correct, the interpretation is different.
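
Added example, not code from this thread, from JBoss, or from Sun: a minimal LoginModule whose login() follows the FAQ wording quoted in the question, so a stacked module still verifies the saved password itself and only tryFirstPass falls back to a prompt. The class name and the hard-coded alice/s3cret check are constructed for illustration; the shared-state keys are the ones the JDK's bundled login modules use.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module written for this example only.
public class FirstPassDemoLoginModule implements LoginModule {
    private static final String NAME = "javax.security.auth.login.name";
    private static final String PWD = "javax.security.auth.login.password";
    private CallbackHandler handler;
    private Map<String, Object> shared;
    private boolean tryFirstPass, useFirstPass;
    @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
        handler = h;
        shared = (Map<String, Object>) sharedState;
        tryFirstPass = "true".equalsIgnoreCase(String.valueOf(options.get("tryFirstPass")));
        useFirstPass = "true".equalsIgnoreCase(String.valueOf(options.get("useFirstPass")));
    }

    public boolean login() throws LoginException {
        Object name = shared.get(NAME), pwd = shared.get(PWD);
        boolean haveShared = name instanceof String && pwd instanceof char[];
        // Both options re-verify the saved password against this module's own store.
        if ((tryFirstPass || useFirstPass) && haveShared && check((String) name, (char[]) pwd)) return true;
        // useFirstPass: never prompt, authentication simply fails.
        if (useFirstPass) throw new FailedLoginException("shared password missing or rejected");
        // tryFirstPass after a failure, or neither option set: prompt and retry.
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        if (!check(nc.getName(), pc.getPassword())) throw new FailedLoginException("bad credentials");
        shared.put(NAME, nc.getName());
        shared.put(PWD, pc.getPassword());
        return true;
    }
    // Constructed credential check standing in for a real user store.
    private boolean check(String user, char[] pw) {
        return "alice".equals(user) && pw != null && Arrays.equals(pw, "s3cret".toCharArray());
    }
    public boolean commit() { return true; }
    public boolean abort() { return true; }
    public boolean logout() { return true; }
}
```

When reviewing a stacked login configuration, the point to confirm for each module is whether its first-pass option takes a path like `check(...)` above or accepts the shared credentials without verifying them.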