Posted to users@tomcat.apache.org by Sarah Walters <sa...@uow.edu.au> on 2002/07/03 04:36:03 UTC

Authentication and role management

This is my first post to the Tomcat list, so hello all.

I am working on a project to automate management of a service via a web
interface. I need to be able to authenticate users of my software and assign
roles to them. So far, standard Realm stuff. But I have a couple of hiccups.

Firstly, I do not want to have to add users to a database. I am looking at
several hundred potential users of the system, and I want them to use their
existing Unix/email passwords. The passwords are stored in NIS+, and only
root has access to them. We have a program that can confirm if a password
is true or false, and I am considering writing my own realm implementation
that first checks their passwords using this program (setuid) then gets
role information elsewhere.

We also have a RADIUS server, and LDAP, but I cannot add role information to
the LDAP directory.

All the users who will need to access the service are members of a particular
Unix group. I would like to base the role on the user's GID. I will need some
extra roles as well, to allow for extra functionality for certain staff. I can
store that information in a database.

I am thinking that I will need to write my own Realm, with appropriate 
classes to support it. Before I tackle that, does anyone have a better idea?
Also, would you use RADIUS or make a system call to a program?

Thanks,

Sarah
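
Added example, not part of the original post and not Tomcat code: the check a custom Realm could delegate to, written for Java 9+, with the password passed to the helper on stdin and roles derived from Unix group membership. Assumptions: the helper path `/usr/local/sbin/checkpw` and its interface (login name as argument, password on stdin, exit status 0 on a match), the role name `user`, and the in-memory map standing in for the roles database.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

/** Added example: password check via an external helper plus group-based roles. */
public class HelperAuthenticator {
    // Assumption: hypothetical helper; reads the password from stdin, exits 0 on a match.
    private static final String CHECKER = "/usr/local/sbin/checkpw";
    // Conservative login-name pattern, so a name can never be parsed as an option.
    private static final Pattern USER = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    private final String serviceGroup;                  // Unix group every user must be in
    private final Map<String, Set<String>> extraRoles;  // stands in for the roles database

    public HelperAuthenticator(String serviceGroup, Map<String, Set<String>> extraRoles) {
        this.serviceGroup = serviceGroup;
        this.extraRoles = extraRoles;
    }

    /** Returns the user's roles, or null if the password or group check fails. */
    public Set<String> authenticate(String user, String password)
            throws IOException, InterruptedException {
        if (user == null || password == null || password.indexOf('\n') >= 0
                || !USER.matcher(user).matches()) return null;
        // Password goes over stdin: an argv value is visible to other local users via ps.
        if (run(password, CHECKER, user) == null) return null;
        String groups = run(null, "id", "-Gn", user);
        if (groups == null || !Arrays.asList(groups.trim().split("\\s+")).contains(serviceGroup))
            return null;
        Set<String> roles = new HashSet<>(extraRoles.getOrDefault(user, Set.of()));
        roles.add("user"); // base role granted by group membership
        return roles;
    }

    /** Runs a command without a shell; returns its stdout on exit status 0, else null. */
    private static String run(String stdin, String... argv)
            throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectError(ProcessBuilder.Redirect.DISCARD).start();
        try (OutputStream out = p.getOutputStream()) {
            if (stdin != null) out.write((stdin + "\n").getBytes(StandardCharsets.UTF_8));
        }
        String stdout = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        if (!p.waitFor(5, TimeUnit.SECONDS)) { p.destroyForcibly(); return null; }
        return p.exitValue() == 0 ? stdout : null;
    }
}
```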

