Posted to wss4j-dev@ws.apache.org by Don Tam <dt...@consumercontact.com> on 2005/10/07 15:43:02 UTC

Explanation of authentication

Hi,

I couldn't gather any information on the WSS4J site, so I was wondering 
if someone could explain to me how the authentication is done.  The way 
I understand it is:

1.  Client requests a webservice
2.  Server asks for authentication
3.  Client grabs the password using a CallbackHandler and sets it on the 
callback
4.  Server receives the usertoken, grabs the password it expects, and 
sets it on a separate callback
5.  Something somewhere compares the passwords on these two callbacks?

A problem I am having is that the server authenticates against the Linux 
system's user's password, so I use getpwnam() to get the crypted 
password, and set it on the callback on the server side.  How do I crypt 
it the same way on the client side?  Don't I need the crypted password 
from the server side as the salt?

Thanks,

-- 
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Explanation of authentication

Posted by Don Tam <dt...@consumercontact.com>.
Hi,

That's what I figured too, so in my client CallbackHandler, I need to 
have something that will crypt the plain text the same way that the Unix 
password system does it.  I was wondering if anyone knew how.

Thanks,

Sanjesh Pathak wrote:

>Hi,
>
>The only alternative I see here is for the client to use the encrypted
>password as the password instead of the plain unix password.
>
>Sanjesh
>
>-----Original Message-----
>From: Don Tam [mailto:dtam@consumercontact.com] 
>Sent: Friday, October 07, 2005 8:43 AM
>To: wss4j-dev@ws.apache.org
>Subject: Explanation of authentication
>
>Hi,
>
>I couldn't gather any information on the WSS4J site, so I was wondering 
>if someone could explain to me how the authentication is done.  The way 
>I understand it is:
>
>1.  Client requests a webservice
>2.  Server asks for authentication
>3.  Client grabs the password using a CallbackHandler and sets it on the 
>callback
>4.  Server receives the usertoken, grabs the password it expects, and 
>sets it on a separate callback
>5.  Something somewhere compares the passwords on these two callbacks?
>
>A problem I am having is that the server authenticates against the Linux 
>system's user's password, so I use getpwnam() to get the crypted 
>password, and set it on the callback on the server side.  How do I crypt 
>it the same way on the client side?  Don't I need the crypted password 
>from the server side as the salt?
>
>Thanks,
>
>  
>

-- 
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com


RE: Explanation of authentication

Posted by Sanjesh Pathak <sa...@soapknox.com>.
Hi,

The only alternative I see here is for the client to use the encrypted
password as the password instead of the plain unix password.

Sanjesh

-----Original Message-----
From: Don Tam [mailto:dtam@consumercontact.com] 
Sent: Friday, October 07, 2005 8:43 AM
To: wss4j-dev@ws.apache.org
Subject: Explanation of authentication

Hi,

I couldn't gather any information on the WSS4J site, so I was wondering 
if someone could explain to me how the authentication is done.  The way 
I understand it is:

1.  Client requests a webservice
2.  Server asks for authentication
3.  Client grabs the password using a CallbackHandler and sets it on the 
callback
4.  Server receives the usertoken, grabs the password it expects, and 
sets it on a separate callback
5.  Something somewhere compares the passwords on these two callbacks?

A problem I am having is that the server authenticates against the Linux 
system's user's password, so I use getpwnam() to get the crypted 
password, and set it on the callback on the server side.  How do I crypt 
it the same way on the client side?  Don't I need the crypted password 
from the server side as the salt?

Thanks,

-- 
Don Tam
Manager, Software Development
(416)493-6111x143
dtam@consumercontact.com
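
Added example (not part of the original thread and not WSS4J code): a standalone Java program that computes the WS-Security UsernameToken PasswordDigest, Base64(SHA-1(nonce + created + password)), on both sides, showing why a server that holds only the crypt(3) string cannot match a digest built from the plaintext, and what using the crypt string as the password implies. It assumes the digest password type is in use; the class name, sample password, timestamp and crypt string are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class UsernameTokenDigestDemo {

    // Password_Digest = Base64(SHA-1(nonce + created + secret)), as defined by the
    // WS-Security UsernameToken Profile; nonce is the raw (Base64-decoded) bytes.
    static String passwordDigest(byte[] nonce, String created, String secret) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(secret.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Server side: recompute the digest from the secret the server holds and
    // compare it with the received value in constant time.
    static boolean serverAccepts(byte[] nonce, String created, String received,
                                 String serverSecret) throws Exception {
        byte[] expected = passwordDigest(nonce, created, serverSecret)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the crypt string is a placeholder, not a real hash.
        String plaintext = "example-password";
        String storedCrypt = "$1$SALTSALT$PLACEHOLDERHASHPLACEHOLDER";
        String created = "2005-10-07T12:00:00Z";
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);

        // Case 1: the client digests the plaintext. crypt(3) is one-way, so a server
        // holding only the crypt string cannot recompute this digest.
        String fromPlaintext = passwordDigest(nonce, created, plaintext);
        System.out.println("plaintext on client, crypt string on server: "
                + serverAccepts(nonce, created, fromPlaintext, storedCrypt));

        // Case 2: both sides use the crypt string as the shared secret. The crypt
        // string is then what authenticates, so the client must store and protect
        // it exactly like a password.
        String fromCrypt = passwordDigest(nonce, created, storedCrypt);
        System.out.println("crypt string on both sides: "
                + serverAccepts(nonce, created, fromCrypt, storedCrypt));
    }
}
```

With a plaintext (PasswordText) token the server can instead check the received password with crypt(3), passing the stored string as the salt argument, so the client never needs the salt. That mode depends on transport encryption to protect the password in transit.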

