Secure Java Apps on Linux using MD5 Crypt
An anonymous reader writes "If you are a security developer and need to interface a Java application with the local operating system user registry, what do you do? IBM developerWorks gives you the answer: 'UNIX/Linux PAM (Pluggable Authentication Module)-compatible systems that use authentication based on the GNU MD5 extensions to the crypt() system call. It will describe these extensions and show you a Java implementation of MD5 crypt (using FreeBSD as my UNIX).'"
I don't understand why I would do this rather than just use JAAS (which has been part of the JDK since 1.4).
http://java.sun.com/products/jaas/
This already handles authentication against Unix logins, or Windows logins, or pretty much anything else!
The article finishes with:
A pure Java implementation of MD5 crypt can provide a simple interface that can be used by Web applications to authenticate against the local UNIX registry.
I have two things to say:
1. If your app server doesn't support authentication against local OS users (and this is what you want), get a new one.
2. It is big and clever to write your own authentication system for web apps in 2006.