Simple remote authentication

 
hacka@wp.pl
Guest
Posted: Sun Feb 11, 2007 3:47 pm    Post subject: Simple remote authentication



Hello,
I need to implement a simple login / password authentication for my
client-server application, preferably some kind of challenge-response
protocol. I would like to use an existing solution (SASL + CRAM-MD5?),
but I am a bit overwhelmed by all the APIs (SASL, JAAS etc.) and
really I need something simple. What would you recommend?

Regards,
Mike.
Ralf Ullrich
Guest
Posted: Sun Feb 11, 2007 3:47 pm    Post subject: Re: Simple remote authentication



hacka (AT) wp (DOT) pl wrote:

Quote:
Hello,
I need to implement a simple login / password authentication for my
client-server application, preferably some kind of challenge-response
protocol. I would like to use an existing solution (SASL + CRAM-MD5?),
but I am a bit overwhelmed by all the APIs (SASL, JAAS etc.) and
really I need something simple. What would you recommend?

Regards,
Mike.

Using SASL is actually quite simple and straightforward. You have to
create a SaslClient (sc) on your client side, and a SaslServer (ss) on
your server side. Then on both sides you have to write a loop that is
controlled by the sc/ss object. During this loop the callback handler
that you provided when creating the Sasl* objects will receive callbacks.
After the loop finishes, you will know whether the authentication was
successful or not.

All you need to know to successfully use SASL is described here:

Java SASL Programming Guide -
http://java.sun.com/javase/6/docs/technotes/guides/security/sasl/sasl-refguide.html

Ah, and one thing I should mention: you have to define the messages in
your application protocol, that will encapsulate the SASL-messages to be
exchanged. This is only indicated in the above guide through "send(...)"
and "msg.receive()" calls. If you need an idea how to do this, look into
the RFCs regarding the use of SASL in SMTP or NNTP (Sorry too lazy to look
'em up for you). However, it's quite easy: just define messages that can
transport some binary data (the SASL data) and have an associated status
of Continue, Success or Error. (Just look at the "send(...)" calls in the
guide, and you'll know what types of messages you need.)

cu
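
The SaslClient/SaslServer loop and the Continue/Success/Error message envelope described in the reply above, as an added example that is not part of the original post or of Sun's guide; it runs both sides in one process so the exchange can be followed without a network. Assumptions: Java 17+, the JDK's bundled CRAM-MD5 mechanism, and hypothetical names (`SaslLoopDemo`, `Msg`, `Status`, `serverStep`, `login`, `USERS`, the protocol name "demo", the host "server.example", the sample account).

```java
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslLoopDemo {
    enum Status { CONTINUE, SUCCESS, ERROR }
    record Msg(Status status, byte[] data) {} // hypothetical app-protocol envelope for SASL bytes
    // Constructed account; CRAM-MD5 needs the plaintext password on the server side.
    static final Map<String, String> USERS = Map.of("mike", "s3cret");
    // Server side of one round trip: hand the client's bytes to the SaslServer.
    static Msg serverStep(SaslServer ss, byte[] fromClient) {
        try {
            byte[] out = ss.evaluateResponse(fromClient);
            return new Msg(ss.isComplete() ? Status.SUCCESS : Status.CONTINUE, out);
        } catch (SaslException e) { // unknown user and bad password get the same reply
            return new Msg(Status.ERROR, null);
        }
    }

    static boolean login(String user, String password) throws SaslException {
        CallbackHandler serverCbh = cbs -> {
            String name = null;
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback nc) name = nc.getDefaultName();
                else if (cb instanceof PasswordCallback pc) {
                    String pw = (name == null) ? null : USERS.get(name);
                    if (pw != null) pc.setPassword(pw.toCharArray()); // unset: server rejects
                } else if (cb instanceof AuthorizeCallback ac)
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                else throw new UnsupportedCallbackException(cb);
            }
        };
        CallbackHandler clientCbh = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback nc) nc.setName(user);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        // Placeholder protocol/host names; each serverStep() stands in for one send()/receive().
        var ss = Sasl.createSaslServer("CRAM-MD5", "demo", "server.example", null, serverCbh);
        var sc = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "demo", "server.example", null, clientCbh);
        Msg m = serverStep(ss, sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : new byte[0]);
        while (m.status() == Status.CONTINUE) m = serverStep(ss, sc.evaluateChallenge(m.data()));
        return m.status() == Status.SUCCESS && sc.isComplete();
    }
    public static void main(String[] args) throws SaslException {
        System.out.println("good=" + login("mike", "s3cret") + " bad=" + login("mike", "guess"));
    }
}
```

In a networked version, `serverStep` runs on the server and each `Msg` is what gets serialized onto the wire in both directions.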
Mike Amling
Guest
Posted: Tue Feb 13, 2007 7:41 pm    Post subject: Re: Simple remote authentication



hacka (AT) wp (DOT) pl wrote:
Quote:
Hello,
I need to implement a simple login / password authentication for my
client-server application, preferably some kind of challenge-response
protocol. I would like to use an existing solution (SASL + CRAM-MD5?),
but I am a bit overwhelmed by all the APIs (SASL, JAAS etc.) and
really I need something simple. What would you recommend?

SRP has good properties. An attacker who observes the client/server
traffic, or who interacts with the client while masquerading as the
server, or who is a man-in-the-middle between the actual client and
server does not learn enough to determine the password or anything else
that would be sufficient to log in.
RFC2945 describes SRP-3 (http://www.ietf.org/rfc/rfc2945.txt), which
may be a little outdated. SRP-6 is even better
(http://srp.stanford.edu/design.html).
The multiprecision arithmetic can all be done using functions in
BigInteger.

--Mike Amling
All times are GMT