1 Reply Latest reply on May 25, 2005 2:31 PM by Juha Lindfors

    True challenge & response authentication possible?

    Jan Peter Stotz Newbie


      I am just trying figure out if it is possible to authenticate in JBoss using a random challenge.
      According to "8.4.1. How the JaasSecurityManager Uses JAAS" (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html#d0e18089) JAAS only allows to pass the login credentials from client to the server.
      I want to use a more dynamic login procedure:

      The "password" is not is a signed hash of some random data, received previously from the server. By knowing the client's public key if the server can verify the clients identity.

      Is this generally possible with JAAS or the JBoss authentication concept?