 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / December 2005Verify Password
I'm looking for the simplest way to verify a linux user password from within a servlet. My servlet receives the username and password as part of a login request. I need to validate the password I receive against the password for that Linux user. I don't see anything with the Java API's for direct access to this. This application is on a private network so no real need for complex security. I just need to verify and get on with my business. Any ideas? Thanks!! TRW > I'm looking for the simplest way to verify a linux user password from > within a servlet. [quoted text clipped - 9 lines] > security. I just > need to verify and get on with my business. One crude but effective way would be to open up an FTP session to the Linux system in question, supply the given username and password, and see if FTP takes them. Not CPU-efficient, but maybe it's fast enough for your application. Note: While this does not depend on the way your Linux system stores passwords, you should watch out for FTP-specific aspects, such as ~/.netrc. --Mike Amling >> I'm looking for the simplest way to verify a linux user password from >> within a servlet. [quoted text clipped - 16 lines] > Note: While this does not depend on the way your Linux system stores > passwords, you should watch out for FTP-specific aspects, such as ~/.netrc. Further note: I implicitly assumed that the application is running on the Linux system in question. I'm not advocating sending passwords in the clear to an IP address other than 127.0.0.1. --Mike Amling >>> I'm looking for the simplest way to verify a linux user password from >>> within a servlet. [quoted text clipped - 22 lines] > > --Mike Amling You also assumed that the said Linux system was running an ftp server... To the OP, you might look at JAAS. I've never tried it myself, but it looks like it interfaces to PAM, which I think all current Linux flavours use for authentication. The JAAS overview has this to say: "JAAS APIs can be used for both authentication and authorization, as follows: * For authenticating users to determine securely who is executing Java code, regardless of whether the code is a stand-alone Java technology-based application, an applet, an Enterprise JavaBean (EJB) component, or a servlet." So it claims it can authenticate from a servlet. It's got to be worth a closer look.  SignatureNigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : nmw@ion.le.ac.uk Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555 Thanks for the responses. I was looking at JAAS. However, that all depends on the underlying LoginModule to do the a/a work which is an abstract class. Therefore, logic still needs to be written to access the Linux username and password. I was hoping to find a Linux LoginModule in OpenSource....no luck so far. There must be a way to directly access the shadow file on the Linux machine. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.