[Gllug] Shared authentication (was: Recommendations for a CRM system)

Russell Howe rhowe at siksai.co.uk
Tue Jan 24 20:59:29 UTC 2006


On Tue, Jan 24, 2006 at 06:40:48PM +0000, Simon Morris wrote:
> these apps really should be storing user profile
> type information in a database or whatever but do the authentication
> part over LDAP if the user wants.
> 
> The world would be a better place :)

Bloody well would - I ended up writing a JAAS LoginModule so that users
of a website could log in using a mixture of Win2k AD and OpenLDAP
credentials. I still need to get my head around PAM and get the same
behaviour there.

If you need to authenticate users in any Java apps using JAAS, get in
touch and you can have a poke at my code (it's currently Jetty-specific,
but should be easy to port to something else which uses JAAS).

I'd have Jabber all set up and running at work if it had a decent way of
authenticating against a mixture of LDAP trees (we don't put everyone in
AD because we don't need to - only a small percentage of users need
access to the Windows network). As it is, there's a hackish Perl script
which you need to coax into working and it doesn't allow for more than
one authentication to take place at any one time, from what I've read.

It all looked so painful I haven't even bothered yet, so I don't know if
it's as bad as it appears...

PAM's on the todo list as well. I need to sit down and have a crack at
it. To me, it's still black magic.

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



