You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by twaldrep <tr...@pervasive.com> on 2011/07/27 00:00:17 UTC
Custom JAAS Login Module
AFAIK, Karaf uses a custom JAAS Login module to control remot web console,
SSH, and JMX access.
I know that there are ways to specify additional providers, but is there a
"clean" way to specify our own JAAS Login module instead of the one provided
by Karaf? We would like to force all remote access through our
authentication layer.
Thanks in advance,
Troy
--
View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-tp3201689p3201689.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Custom JAAS Login Module
Posted by twaldrep <tr...@pervasive.com>.
Thanks. This provides the information that I was looking for.
--
View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-For-web-console-SSH-JMX-Remote-Access-tp3201689p3204003.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Custom JAAS Login Module
Posted by Guillaume Nodet <gn...@gmail.com>.
The advanced security guide is located at
http://karaf.apache.org/manual/2.2.2/developers-guide/security-framework.html
You can deploy your own bundle with your own module inside it and
eventually remove the default one provided by Karaf.
On Wed, Jul 27, 2011 at 01:22, twaldrep <tr...@pervasive.com> wrote:
> Thanks, but I've looked at that documentation, but our requirement is a
> little more involved.
>
> We have our own authentication mechanism that we use for authentication into
> our web application that is hosted in jetty/karaf/servicemix. We really
> want to be able redirect all other access points (SSH, JMX, etc.) through
> our authentication scheme as well. Since Karaf's authentication is based on
> JAAS, we should be able to replace Karaf's JAAS Login module with our own
> (at least in theory).
>
> Thanks,
>
> Troy
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-For-web-console-SSH-JMX-Remote-Access-tp3201689p3201832.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
Re: Custom JAAS Login Module
Posted by Glen Mazza <gm...@talend.com>.
I don't personally know but the Karaf source code is not very large,
just by examining how its JAAS Login module is linked into Karaf you may
be able to determine what needs to be done to link your implementation
instead without much difficulty. If your solution requires you to
rebuild Karaf, however, because Karaf doesn't allow you to configure an
interface implementation or similar via external configuration file,
probably good to enter a JIRA tracker item to have the functionality added.
Glen
On 07/26/2011 07:22 PM, twaldrep wrote:
> Thanks, but I've looked at that documentation, but our requirement is a
> little more involved.
>
> We have our own authentication mechanism that we use for authentication into
> our web application that is hosted in jetty/karaf/servicemix. We really
> want to be able redirect all other access points (SSH, JMX, etc.) through
> our authentication scheme as well. Since Karaf's authentication is based on
> JAAS, we should be able to replace Karaf's JAAS Login module with our own
> (at least in theory).
>
> Thanks,
>
> Troy
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-For-web-console-SSH-JMX-Remote-Access-tp3201689p3201832.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
--
Glen Mazza
Application Integration Division
Talend (http://www.talend.com/ai)
blog: http://www.jroller.com/gmazza
Re: Custom JAAS Login Module
Posted by twaldrep <tr...@pervasive.com>.
Thanks, but I've looked at that documentation, but our requirement is a
little more involved.
We have our own authentication mechanism that we use for authentication into
our web application that is hosted in jetty/karaf/servicemix. We really
want to be able redirect all other access points (SSH, JMX, etc.) through
our authentication scheme as well. Since Karaf's authentication is based on
JAAS, we should be able to replace Karaf's JAAS Login module with our own
(at least in theory).
Thanks,
Troy
--
View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-For-web-console-SSH-JMX-Remote-Access-tp3201689p3201832.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Custom JAAS Login Module
Posted by Achim Nierbeck <bc...@googlemail.com>.
I'm not sure if this helps already but on [1] you might find your answer.
If not I'm sure someone else is stepping up :-)
regards, Achim
[1] http://karaf.apache.org/manual/2.2.2/users-guide/security.html
Am 27.07.2011 00:00, schrieb twaldrep:
> AFAIK, Karaf uses a custom JAAS Login module to control remot web console,
> SSH, and JMX access.
>
> I know that there are ways to specify additional providers, but is there a
> "clean" way to specify our own JAAS Login module instead of the one provided
> by Karaf? We would like to force all remote access through our
> authentication layer.
>
> Thanks in advance,
>
> Troy
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Custom-JAAS-Login-Module-tp3201689p3201689.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
--
--
*Achim Nierbeck*
Apache Karaf<http://karaf.apache.org/> Committer& PMC
OPS4J Pax Web<http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer& Project Lead
blog<http://notizblog.nierbeck.de/>