Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user authentication?

"Paul Popovich" <email@hidden> wrote:

>I have written a network installer in java that employs a number of
>JNIs to do system level configuration.
>Because of the system JNIs it only works under 'root' boot, and needs
>user authentication under any other login.
>I've looked but couldn't find any java libraries (apple custom
>libraries?) that would provide for an authentication box.
>There's a C Security framework that I could use but it has trouble
>launching a java file for some reason.

There are no Java libraries (Apple or otherwise) I know of that provide
controlled access to 'root' privileges. I don't even think there's a JSR
that covers this, though I could be wrong. JAAS is a completely different
set of auth services.

There is the C API known as "Authorization Services" (see Authorization.h
and AuthorizationTags.h). Is that the "C Security framework" you're
referring to? If so, what "trouble" is it having? I can understand how it
wouldn't be able to execute a JAR.

Also, on some 10.1 machines the 'java' command is a shell-file instead of a
sym-link, so executing "/usr/bin/java" as the privileged command would also
fail. I forget when the shell-file was changed to a sym-link, but it's
definitely that way on 10.2.1.

You could hack something together using exec() and 'sudo -S' to execute
certain commands as root, though that has certain vulnerabilities. See
'man sudo'.

Exactly what things are you configuring in your privileged JNI code?

-- GG
_______________________________________________
java-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/java-dev
Be sure to read the FAQ http://developer.apple.com/java/faq/ before posting
Do not post admin requests to the list. They will be ignored.


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.