You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Don Tam <dt...@consumercontact.com> on 2005/10/07 15:43:02 UTC
Explanation of authentication
Hi,
I couldn't gather any information on the WSS4J site, so I was wondering
if someone could explain to me how the authentication is done. The way
I understand it is:
1. Client requests a webservice
2. Server asks for authentication
3. Client grabs the password using a CallbackHandler and sets it on the
callback
4. Server receives the usertoken, grabs the password it expects, and
sets it on a seperate callback
5. Something somewhere compares the passwords on these two callbacks?
A problem I am having is that the server authenticates against the Linux
system's user's password, so I use getpwnam() to get the crypted
password, and set it on the callback on the server side. How do I crypt
it the same way on the client side? Don't I need the crypted password
from the server side as the salt?
Thanks,
--
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Explanation of authentication
Posted by Don Tam <dt...@consumercontact.com>.
Hi,
That's what I figured too, so in my client CallbackHandler, I need to
have something that will crypt the plain text the same way that the Unix
password system does it. I was wondering if anyone knew how.
Thanks,
Sanjesh Pathak wrote:
>Hi,
>
>The only alternative I see here is for the client to use the encrypted
>password as the password instead of the plain unix password.
>
>Sanjesh
>
>-----Original Message-----
>From: Don Tam [mailto:dtam@consumercontact.com]
>Sent: Friday, October 07, 2005 8:43 AM
>To: wss4j-dev@ws.apache.org
>Subject: Explanation of authentication
>
>Hi,
>
>I couldn't gather any information on the WSS4J site, so I was wondering
>if someone could explain to me how the authentication is done. The way
>I understand it is:
>
>1. Client requests a webservice
>2. Server asks for authentication
>3. Client grabs the password using a CallbackHandler and sets it on the
>callback
>4. Server receives the usertoken, grabs the password it expects, and
>sets it on a seperate callback
>5. Something somewhere compares the passwords on these two callbacks?
>
>A problem I am having is that the server authenticates against the Linux
>system's user's password, so I use getpwnam() to get the crypted
>password, and set it on the callback on the server side. How do I crypt
>it the same way on the client side? Don't I need the crypted password
>from the server side as the salt?
>
>Thanks,
>
>
>
--
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Explanation of authentication
Posted by Don Tam <dt...@consumercontact.com>.
Hi,
That's what I figured too, so in my client CallbackHandler, I need to
have something that will crypt the plain text the same way that the Unix
password system does it. I was wondering if anyone knew how.
Thanks,
Sanjesh Pathak wrote:
>Hi,
>
>The only alternative I see here is for the client to use the encrypted
>password as the password instead of the plain unix password.
>
>Sanjesh
>
>-----Original Message-----
>From: Don Tam [mailto:dtam@consumercontact.com]
>Sent: Friday, October 07, 2005 8:43 AM
>To: wss4j-dev@ws.apache.org
>Subject: Explanation of authentication
>
>Hi,
>
>I couldn't gather any information on the WSS4J site, so I was wondering
>if someone could explain to me how the authentication is done. The way
>I understand it is:
>
>1. Client requests a webservice
>2. Server asks for authentication
>3. Client grabs the password using a CallbackHandler and sets it on the
>callback
>4. Server receives the usertoken, grabs the password it expects, and
>sets it on a seperate callback
>5. Something somewhere compares the passwords on these two callbacks?
>
>A problem I am having is that the server authenticates against the Linux
>system's user's password, so I use getpwnam() to get the crypted
>password, and set it on the callback on the server side. How do I crypt
>it the same way on the client side? Don't I need the crypted password
>from the server side as the salt?
>
>Thanks,
>
>
>
--
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Explanation of authentication
Posted by Sanjesh Pathak <sa...@soapknox.com>.
Hi,
The only alternative I see here is for the client to use the encrypted
password as the password instead of the plain unix password.
Sanjesh
-----Original Message-----
From: Don Tam [mailto:dtam@consumercontact.com]
Sent: Friday, October 07, 2005 8:43 AM
To: wss4j-dev@ws.apache.org
Subject: Explanation of authentication
Hi,
I couldn't gather any information on the WSS4J site, so I was wondering
if someone could explain to me how the authentication is done. The way
I understand it is:
1. Client requests a webservice
2. Server asks for authentication
3. Client grabs the password using a CallbackHandler and sets it on the
callback
4. Server receives the usertoken, grabs the password it expects, and
sets it on a seperate callback
5. Something somewhere compares the passwords on these two callbacks?
A problem I am having is that the server authenticates against the Linux
system's user's password, so I use getpwnam() to get the crypted
password, and set it on the callback on the server side. How do I crypt
it the same way on the client side? Don't I need the crypted password
from the server side as the salt?
Thanks,
--
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Explanation of authentication
Posted by Sanjesh Pathak <sa...@soapknox.com>.
Hi,
The only alternative I see here is for the client to use the encrypted
password as the password instead of the plain unix password.
Sanjesh
-----Original Message-----
From: Don Tam [mailto:dtam@consumercontact.com]
Sent: Friday, October 07, 2005 8:43 AM
To: wss4j-dev@ws.apache.org
Subject: Explanation of authentication
Hi,
I couldn't gather any information on the WSS4J site, so I was wondering
if someone could explain to me how the authentication is done. The way
I understand it is:
1. Client requests a webservice
2. Server asks for authentication
3. Client grabs the password using a CallbackHandler and sets it on the
callback
4. Server receives the usertoken, grabs the password it expects, and
sets it on a seperate callback
5. Something somewhere compares the passwords on these two callbacks?
A problem I am having is that the server authenticates against the Linux
system's user's password, so I use getpwnam() to get the crypted
password, and set it on the callback on the server side. How do I crypt
it the same way on the client side? Don't I need the crypted password
from the server side as the salt?
Thanks,
--
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org