This is a long shot but I thought it was worth a try.

We have designed a Java servlet running on JBoss and authenticating using LDAP (edit: via JAAS). Now the customer wants to change to RADIUS authentication for some of the users, who use one-time generated passwords, but still only have the two login fields: username and password. Since we still need user information from LDAP, is this possible without sacrificing security? I still need to authenticate in LDAP to get the user context, but getting no password I don't see how. Can I make LDAP contact RADIUS for some of the users? Maybe I should just say no and make them accept three fields and an additional check against RADIUS after logging into LDAP.

+1  A: 

If you are using JAAS then it is only a matter of stacking the right LoginModules and configuring them: http://www.ibm.com/developerworks/offers/lp/demos/summary/jaas.html?S_TACT=105AGX30&S_CMP=DEVXODD In short, JAAS and the other authentication frameworks I am aware of (e.g. Acegi/Spring Security) offer a way to configure a single set of credentials (username/password pair, single-sign-on token, etc.) to be passed through several authentication modules, with the final decision being very flexible. Moreover, with these frameworks you can get user data loaded from one user-data repository after authentication by another.

vstoyanov
Thanks, I am using JAAS and I'll definitely look into this.
henrik
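One way the stacking the answer describes could look in a JAAS login configuration, as an added example that is not from the original post or its author. `com.sun.security.auth.module.LdapLoginModule` and its options (`userProvider`, `userFilter`, `tryFirstPass`, `storePass`) are the JDK's; the RADIUS module, the attribute-loading module, their option names and all hostnames are hypothetical placeholders, and the example assumes both authentication modules write `javax.security.auth.login.name` to the shared state only after a successful authentication (which is how the JDK module behaves with `storePass`).

```text
WebApp {
    /* 1. One-time-password users: ask RADIUS. Flagged optional rather than requisite
          so that a RADIUS failure for an ordinary LDAP user does not abort the chain.
          storePass puts the name/password into the shared state only after RADIUS
          has accepted them. Hypothetical module: the JDK ships none for RADIUS. */
    com.example.RadiusOtpLoginModule optional
        server="radius.example.com"
        sharedSecretRef="radius.secret"
        storePass=true;

    /* 2. Everyone else: bind as the user against LDAP with the same two fields.
          tryFirstPass reuses the credentials already collected, so there is no
          second prompt; storePass records the name on success. An OTP user's
          one-time code will fail this bind, so expected failures here must be
          accounted for in the LDAP lockout policy and in alerting. */
    com.sun.security.auth.module.LdapLoginModule optional
        userProvider="ldap://ldap.example.com/ou=people,dc=example,dc=com"
        userFilter="(uid={USERNAME})"
        tryFirstPass=true
        storePass=true;

    /* 3. Load the LDAP user context for whoever authenticated, using a service
          bind (never the user's password, which may be an already consumed OTP).
          Hypothetical module. It MUST fail unless step 1 or 2 stored
          javax.security.auth.login.name in the shared state: a required module
          that always succeeds would let a login pass with both optional modules
          failed, because optional failures do not count against the overall result. */
    com.example.LdapAttributeLoginModule required
        userProvider="ldap://ldap.example.com/ou=people,dc=example,dc=com"
        bindDnRef="svc.bind.dn"
        bindPasswordRef="svc.bind.password";
};
```

The two password fields stay as they are; which backend actually decided is visible only in the authentication logs, so log the succeeding module name per login for later review.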