I'm planning to use SecureIdentityLoginModule and PBEIdentityLoginModule for encrypting these passwords as it was mentioned on Wiki.
However, I have a particular requirement that in PBEIdentityLoginModule, the pbepass, salt and preferably iteration count be provided by a secured config file (which can't be accessed by anyone except the sysadmin) rather than hardcoded in this login-config.xml.
So, my questions:
It looks to me that the PBEIdentityLoginModule doesn't do this. Hence, is it possible for me to extend this class and implement my own way? Does it break any existing stuff? Is it advisable to extend this class? Is there any alternative?
If I have my custom class being used in this situation, does this custom class need to take care of login stuff too, apart from the encryption/decryption, as other modules are doing?
Any input much appreciated.
Use the security forum to get answers to your questions.
Custom login module configuration is done in conf/login-config.xml and can be anything you like. You just tell JCA which one to use, as described on the WIKI.