[security-dev 00564]: Chaining JAAS modules, x509 and NTLM
Jim Beers
uknowbeers at yahoo.com
Wed Feb 11 23:17:41 UTC 2009
I am researching using JAAS login modules to accomplish the following requirement:
First, if the user presents an X509 certificate, then authenticate using that certificate (this module is already written)
Second, if no certificate is presented, use NTLM single sign on for authentication. If using IE, I believe that the module should be able to pull the username/password out of the request. If not, prompt the user for the information.
I seem to be able to make one method or the other work, but not the combination of the two. Is this even possible?
I have been looking at the tagish NTLM LoginModule, which seems to use BASIC authentication. It doesn't seem to me that I can use BASIC authentication and cert authentication in this either-or fashion.
Any help would be appreciated.
uknowbeers at yahoo.com
More information about the security-dev
mailing list