|
MyProxy
> Docs
> Developer's Guide
> JAAS
MyProxy authentication and authorization using the
JAAS framework is
possible through
MyProxyLoginModule,
a Java module written using the JAAS API and the Globus JAVA
Commodity Grid
(CoG) Kit.
When placed in the JAAS authorization chain, MyProxyLoginModule will
prompt for a user name/pass phrase pair and will attempt to retrieve a
certificate from MyProxy using them. If the retrieval is successful, the
certificate and its DN are added to the Subject object and a success
value is returned. Otherwise, a failure value is returned.
The MyProxyLoginModule can be downloaded in JAR
format, or you can acess the source via the MyProxy CVS repository
using the 'jaas' module name. The full class name for the module is:
edu.uiuc.ncsa.myproxy.jaas.MyProxyLoginModule
In order to use this module, you will need a current copy of the JAVA
CoG Kit, avilable for download from http://wiki.cogkit.org/index.php/Table.
For full information on configuring JAAS login modules, see Sun's
JAAS Reference Guide.
MyProxyLoginModule Configuration Parameters
Basic MyProxy Options
Parameter |
Description |
Default |
host |
MyProxy server
(required) |
none |
port |
MyProxy server port |
7512 |
lifetime |
Credential lifetime (in seconds) |
43200 |
Advanced MyProxy Options
Parameter |
Description |
Default |
credentialName |
MyProxy credential name to retrieve |
none |
credentialPrompt |
If true, prompt the user for a MyProxy credential name (overriding
any name set by the credname parameter) |
false |
certificateFile |
File containing a Globus GSS Credential to use when authenticating
to the MyProxy server |
none |
JAAS Interaction Options
Parameter |
Description |
Default |
useCallbacks |
If true, use callbacks to prompt for username, pass phrase, and
credential name (if credentialPrompt is also true) |
true |
useSharedState |
If true, use shared state information for username, pass phrase, and
credential name. If any information is found in the shared state, it
will not be prompted for (even if credentialPrompt is true). A pass
phrase will only be used if a username is also found
| false |
saveSharedState |
If true, save username, pass phrase and credential name to the
shared state |
false |
usernameStateKey |
Key used to index the username in the shared state |
javax.security.auth.login.name |
credentialNameStateKey |
Key used to index the credential name in the shared state |
javax.security.auth.login.credential |
passPhraseStateKey |
Key used to index the pass phrase in the shared state |
javax.security.auth.login.password |
Last modified
08/11/06.
©2000-2019 Board of Trustees of the University of Illinois.
|