Automatic login using JAAS...

Similar Messages

• Automatic Login using Script

  How do i automate logging into a server using script.
  i want to retrieve a specific data from a number of servers. the number of servers is too large for that to be done manually. Please find a solution for this

  Trusted RSH (using .rhosts file), trusted SSH (using .shosts and known_hosts files), or SSH with the expect utility to provide passwords. Each have their benefits and drawbacks.
  Information regarding each of these solutions is available en masse on the Internet. Google is a friend to all system administrators.

• Using JAAS/JNDI with the Login Server

  Is it possible to set up single sign-on through the Login Server
  and OID for a Java portlet using JAAS and JNDI? What would be
  required to set this up?

  I was facing same problem,
  Here is I got an answer, I was doing same mistake.
  You cannot authenticate with an outlook.com account when you use the management shell. You have to use a @yourtenant.onmicrosoft.com
  account or an account where the domain has been associated with your O365 tenant like @contoso.com . Microsoft accounts cannot be used with the management shell.
  http://community.office365.com/en-us/f/156/t/238053.aspx 

• How can we re-enable automatic login?

  My husband likes to have automatic login, and has always used it on his laptop. The computer belongs to his employer; yesterday, it wouldn't accept his login at all, and when he got it back from IT an hour later, there was a new account on it (the IT's, I guess, since it was named "Maintenance"), and both it and his own account were now called "admin, managed". The Guest Account was changed to "disabled". I have an admin account on that computer too, which I never use except to help him out, and it was unchanged. I was able to use this to turn off the "managed" part by turning off the Parental Controls checkbox on his account. But logging back into his account, now a simple "admin", did not allow me to re-enable the automatic login. (I couldn't do it from my own account, either.)
  Present condition: (On a Macbook Pro, running OS 10.6.8).
  1. In System Preferences, in the Security Pane (after clicking the lock and entering the password), the first checkbox under "For all accounts on this computer:" is the one to "Disable automatic login". This box is checked AND GRAYED OUT. It cannot be changed. The 4 boxes under that are all live and checked (to require a password to unlock each pane, to log out after inactivity, to use secure virtual memory, and to automatically update the safe downloads list).
  2. In the Accounts Pane, clicking on Login Options (with the lock opened), the top line, "Automatic login:" is set to "off", and GRAYED OUT. It too cannot be changed. Other options are also grayed out: can't show the Restart etc. buttons, or show the fast user switching menu.
  This is true on our home network, so it isn't something enforced by the employer's network, at least, not directly.
  Filevault isn't on, by the way, and never has been.
  Is this a condition set by a terminal command by IT? If so, how do we bypass it? It's more of a nuisance this way than anything serious, but an adnimistrator account ought to be able to access all the options, right? (And we have no idea why he couldn't log in in the first place, which started this whole mess.) All suggestions will be welcome.
  Susan K

  Forgive what may be a dumb question on my part, but did you click the lock icon at the lower-left of the Accounts pane to unlock it? You can't change those settings until the pane is unlocked, which you should be able to do if you have adminstrator privileges unless his company has in some way locked off those settings, something which may well be company policy.
  Hope this helps.

• How can I shut off the automatic login when I turn on my MacBook Pro?

  Ever since I updated to Yosemite I have been forced to enter my password whenever I turn on my MacBook Pro. I went to System Preferences/Users & Groups and see that the automatic login option is set to off, but it is shaded and I can't use the dropdown menu, even though I've unlocked it.
  Is this a common issue? Am I just going to have to get used to signing in every time? I'm the only one who uses it, and it's a little annoying.
  I've tried searching for help in the discussions and also on google, but I'm not finding any answers.
  Help, please!

  Did you turn on FileVault when you upgraded to Yosemite? If it is on then a login password is required (sort of obviously). You can tell whether it is on by going to Apple Menu > System Preferences > Security & Privacy and click FileVault at the top and see if the words "Turn off FileVault" are in the button. I'm the only one who uses my Mac also, but the remote possibility of it being stolen makes it worth it to me to have FileVault turned on and a password required. OS X: About FileVault 2 - Apple Support

• Has anyone used JAAS with WebLogic?

  Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
  Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
  Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
  has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
  So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
  //THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
  public class BasicModule implements LoginModule
  private NameCallback strName;
  private PasswordCallback strPass;
  private CallbackHandler myCB;
  private Subject subj;
           //INITIALIZE THIS MODULE
             public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                    try
                         //SET SUBJECT
                           subj = subject;  //NOTE: THIS GIVES YOU REFERENCE
  TO LOGIN CONTEXT'S SUBJECT
                                                   // AND ALLOWS YOU TO PASS
  IT BACK TO THE LOGIN CONTEXT
                         //SET CALLBACKHANDLERS
                           strName = new NameCallback("Your Name: ");
                           strPass = new PasswordCallback("Password:", false);
                           Callback[] cb = { strName, strPass };
                         //HANDLE THE CALLBACKS
                           callbackHandler.handle(cb);
                    } catch (Exception e) { System.out.println(e); }
       //LOG THE USER IN
         public boolean login() throws LoginException
            //TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
            System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
  subj.getPrincipals().size() + " Principals");
            //SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
             MyPrincipal m = new MyPrincipal("Admin");
             subj.getPrincipals().add(m);
             return true;
           public boolean commit() throws LoginException
                 return true;
      }(Sorry for all that code)
  I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
  do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
  I think the key here is to understand JAAS's plug-in security model to mean:
  (Below are my words)
  The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
  In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
  That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
  checking code can be used regardless of whether a client connects through
  RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
  how they authenticate (except by choosing YOUR set ways).
  Before we even deal with a serialized subject, we need to see how JAAS can
  even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
  I think what needs to be done, is the client needs to have the stubs for our
  LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
  their info into those, and everything is handled server-side. So they may
  not even need to send a Subject across anyways (but they may want to as
  well).
  Please let me know if anyone sees this problem too, or if I am just completely
  off track with this one. I think figuring out how to do JAAS as though
  everything were local, and then putting RMI (or whatever) on top is the
  first thing to tackle.

  Send this to:
  newsgroups.bea.com / security-group.

• Client remote Authentication using JAAS and EJB Access

  Hi,
  I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
  I have implemented an EJB who's methods are protected through the deployment descriptor:
          <assembly-descriptor>
               <security-role>
                  <description>role for clients outside of the server </description>
                  <role-name>sedna</role-name>
                </security-role>
              <method-permission>
                <role-name>sedna</role-name>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-intf>Remote</method-intf>
                  <method-name>*</method-name>
                </method>
              </method-permission>
              <method-permission>
                <unchecked/>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>getVersion</method-name>
                </method>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>create</method-name>
                </method>
              </method-permission>
          </assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
  I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
  But then I try to access another method which is protected and then I get this exception
  org.omg.CORBA.NO_PERMISSION:   vmcid: 0x2000  minor code: 1806 completed: Maybe
          at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
          at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
          at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
  ...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
  After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
  After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
  Am I doing something wrong?
  Need help! Thx,
  Stephan

  Hi.
  I understand correctly that you call Subject.doAs on
  the client to call the remote EJB. I guess It isn't
  right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
  >
  >
  Subject contextSubject =
  Subject.getSubject(AccessController.getContext());
  contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
  But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
  Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
  Again, thanks for your effort,
  Stephan

• How to avoid the anonymous login using  RIMLoginModule?

  Hi everybody,
  we have configured the RIMLoginModule on a WebAS to enable SSO on Blackberry devices. The login module works as expected when the Rim-device-email header parameter is available in the request. But without this header an automatic login occures using the anonymous user. How should we configure the module or the security provider to avoid this behaviour?
  Note: if we lock the anonymous user, the problem is solved. But, we want to keep the anonymous user unlocked and configure the module to use a basic authentication when the Rim-device-email pamaeter is missed in the request.
  regards
  Edited by: Michael Kinder on Nov 7, 2008 9:20 AM

  Sean
  You need to set up the anonymous user (via Admin). Add him to the
  defaultRole and then you can assign the channels to the anonymous user as
  per normal.
  Cheers
  Sean Xue wrote:
  I setup a domain only have anonymous authenticate module and I can't add
  the channels that I like to be displayed to the login page. Is anybody
  know how to do that. Thanks.

• Call BEX-Query from VBA with BEX-automatic login?

  Hi,
  I'm trying to call a query from VBA. I have two problems/questions:
  1. Automatic login?
  I want to do an automatic login. I found this peace of code here, but I get an error:
  Public Function  LogonToYourBW()
  ' create Logon & RFC-Handle
  logonToBW = False ‘ clear connect Flag the flag can be used to find out if connected or not
      'load SAP functionality by opening BEX file ( use your installation path)
          Workbooks.Open (“c:\sappc\bw\sapbex.xla”)
      With Run("sapbex.xla!sapbexGetConnection") ‘ call the connection
         ' Set the params for Auto logon
         .client = “YOUR CLIENT NO”
         .user = “YOUR BW USER”
         .Password = “YOUR BW PWD” ‘ I recommend to create a dummy reporting user for this task
         .Language = “YOUR LANGUAGE YOU LIKE TO USE FOR QUERY DISPLAY ( i.E.  “EN”)”
         .SystemNumber = “YOUR SYSTEM NO” ‘
         .ApplicationServer = “YOUR SERVER Name OR IP-ADDRESS”
         .UseSAPLOgonIni = FALSE 'important for automatic connection
         .logon 0, True ‘ This will provide a dialog to appear
          If .IsConnected <> 1 Then
              .logon 0, False
              If .IsConnected <> 1 Then Exit Function
          Else
              Set g_oFunction = CreateObject("SAP.Functions")
              Set g_oFunction.Connection = g_oConnection
          End If
      End With
      Run "sapbex.xla!sapbexinitConnection" ‘ this will enable the connection you just created
      logonToBW = True
  End Function
  The error is by this row:
  Set g_oFunction.Connection = g_oConnection
  Object is needed! How is the g_oConnection-object defined?
  2. How can I pass values for the parameters from VBA?
  If I open the query usually from SAP-BEX-Toolbar, after selecting the query, I get a parameter mask, where I must put in a value. How can I this automatize from VBA? Has anybody a short samplecode for that?
  Thank you for your help
  Stefan
  [email protected]

  Peter and others:
  What I really want to do … is write a stand-alone application that I can run from windows scheduler … that queries our BW for sales data for certain items (in a tabular form) … and pulls that data into a VB recordset, or a .NET dataset … so that I can insert the rows into another database (SQL Server, or Access) … I already know how to do all the data movement to/from datasets and databases … I just cannot figure out how to programmatically grab this sales data from BW … our company has “workbooks” already set up that aggregate WW sales information by region (IE, there is a separate workbook for each region of the world) … I can manually go into the Excel interface, tell it which items to pull the sales info for, and it dumps the data into the worksheet (organized by customer, and then by cat #) …
  So, what I’d like to do is write an app that will pull data every week or so from the BW (from each region’s sales invoice detail “workbook”), and insert it into another database that we use for reporting other, non-sales, data.
  Thoughts on this ?  Is there another, non-BEx method that is better ?
  thanks !!

• Can't disable automatic login (wifi) in Mt. Lion 10.8.4

  Dear all, why i can't disable automatic login in Mt. Lion 10.8.4??
  i'm using a MBP 2.4Ghz/Intel core i5 / late 2011 model, running 10.8.4
  each time i turn the wifi on and select the name of network, it will automatically login without asking my password, (I just want it ask me for password every time coz i don't want the password stay on the computer!)
  and i had did the following already but the nightmare still go on, please kindly let me know if the issue can be fix? thanks a lot!!!
  1. network panel : click advance and remove all network names in the window, and unchecked the box "Remember networks this computer has joined".
  2. Security Panel : selected "Disable automatic login"
  3. Users & Groups panel : Automatic login : selected "off"
  4.inside the Library / Preferences folder : "com.apple.loginwindow.plist", "com.apple.airport.preferences.plist" & " NetworkInterfaces.plist" all are deleted
  thanks again!!!

  Open Keychain Access and locate the entry for the network logon, select the entry and press the Delete key. That will remove the password from your Keychain and the system will have to request your password to log onto the network. Note: keychain entries are securely encrypted so even if someone has access to your computer, it would be highly unlikely they would be able to retrieve the network password.

• Windows 7 automatic login to AD and Edir

  Any one have clear instructions on how to accomplish automatic login to a windows AD domain and edirectory?
  Using Novell Client 2 Sp3 for windows 7 (IR6). Novell is the primary login.
  Goal is to enable the automatic login to both as user "install" .. sysprep the image.. deploy the image so it automatically logs in as the user. Installs associated default zenworks bundles, with the last bundle removing the automatic login registry keys.. then reboot and be ready for the user to login to.
  used to use autolog.exe from Tommy for XP, which I understand doesn't work with windows 7.

  Lol apparently I just need to talk myself through this process :P
  Seems to be working at the moment. Here's what I did. Computer is joined to AD domain and has Novell Client installed/primary logon. I haven't tried this with a sysprep'd image yet, but hoping the sysprep process doesn't change any of these keys:
  HKLM\Software\Novell\Login
  REG_SZ AutoAdminLogon = 1
  REG_SZ DefaultLocationProfile = Default
  REG_SZ DefaultUserName = install (or whatever username you intend to use)
  REG_SZ DefaultPassword = password (or whatever password associated with above username)
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  REG_SZ AutoAdminLogon = 1
  REG_SZ DefaultDomainName = yourdomainname
  REG_SZ DefaultUserName = install (or whatever username)
  REG_SZ DefaultPassword = install (or whatever password associated with above username)
  REG_DWORD DisableCAD = 1 (disable the Ctrl+Alt+Del prompt)

• Automatic login to wireless problem

  We have several computers at home, all connected to the internet through a wireless router hooked up to our main PC. Then there is my laptop, my old iMac, and my son's PC. Everything was working fine ... when I'd start my PowerBook G4, it would automatically detect our wireless network and connect my laptop to the network.
  However, we had our son hook up his Playstation3 to the router via an ethernet cable. This way would could take away the ethernet cable to limit his playing time and encourage him to do his homework. The Playstation3 also "hijacks" the IP address, basically blocking anyone else in the house from using the internet.
  Well, my son found the WEP password for the wireless, and decided to put it on his Playstation3 so he could play online whenever we weren't looking. Well, when we found out he had pinched the WEP password, we reset the it on the wireless Linksys router, and I went into my Keychain and changed the WEP key for the wireless network on my PowerBook. Problem solved, right?
  Well, now when I start up my G4 Powerbook, it detects our home wireless network but no longer automatically signs in to the network. Additionally, when I try to select our wireless network from the AirPort pull-down menu from the Finder window menu bar, it says that an error occurred and it can not connect. Hitting the "Try Again" button is futile. I have to go into Internet Connect, select "Other" from the available wireless networks, then pick our home wireless network from the list. I then have to type in that annoying 26 digit WEP 128-bit Hexidecimal security key! Only then do I get the connection to our wireless. Additionally, I have to do this EVERY SINGLE TIME I boot my Powerbook -- it doesn't seem to want to remember the password, even though it is stored in the keychain.
  This problem is very frustrating! Why won't my Powerbook automatically login to our network?

  Good news!
  Yep, that was the WEP I was talking about, 104/128bit/26Hex.
  Now it takes just 3 seconds to extract a 104-bit WEP key from intercepted data using a 1.7GHz Pentium M processor...
  http://www.techworld.com/security/news/index.cfm?newsid=8456
  WPA or better yet WPA2... if your Airport card & Router both support it...
  http://compudent.blogspot.com/2006/09/wireless-wep-vs-wpa-vs-wpa2.html
  http://answers.yahoo.com/question/index?qid=20070924153500AArrQBP
  http://www.home-wlan.com/WEP-vs-WPA.html
  http://support.apple.com/kb/TA21448?viewlocale=en_US
  Finally...
  http://support.apple.com/kb/TA21448?viewlocale=en_US

• Unable to login using weblogic in sample tutorial page

  I am trying to login using "weblogic" and "weblogic1" credentials to the tutorial page at http://docs.oracle.com/cd/E23943_01/webcenter.1111/e10273/createapp.htm
  But after I click the link "login", nothing is happening. I mean no response is coming and progress bar shows still waiting. Neither its saying invalid credentials.
  But using the same credentials I am able to successfully login into the console page at http://127.0.0.1:7101/console
  I even tried to delete the DefaultDomain and started Integrated Weblogic server and it again automatically created the domain. But still same problem exists.
  Please let me know. Thanks.

  Hi,
  You need to run the setup once to register the administrator user for discussion server. Open /Oracle/Middleware/user_projects/domains/yourdomain/config/fmwconfig/servers/WC_Collaboration1/owc_discussions/jive_startup.xml file and change "true" to "false"
  <jive>
  <!-- When setup is false, you can access the setup tool. -->
  <setup>true</setup> // Change it to false
  <!-- Database settings -->
  <database>
  Now access the http://host:port/owc_discussions/admin/setup and make the configuration and on last step specify weblogic or any other user as admin. Then you will be able to access it.
  Thanks

• Using JAAS in a BC4J Client

  Hello
  We are building a BC4J application.
  We would like to use JAAS on the client side (Swing Client), to do some authorization.
  I made a test, authentication a user trough JAAS on the client as follow:
  // Auhorization
  CallbackHandler handler = new InfoCallbackHandler();
  String s = "oracle.security.jazn.tools.Admintool";
  LoginContext loginContext = new LoginContext(s, handler);
  loginContext.login();
  Subject subject = loginContext.getSubject();
  // authenticated action
  Subject.doAs(subject, this);
  This works, as long as the client has access to the jazn.xml file.
  As far as I understand, this loads the RealmLoginModule.
  The RealmLoginModule uses either a jazn.xml file, or LDAP for authentication.
  Now I'm curios about where the RealmLoginModule gets its information from, when the client is running on an other machine than the OC4J Server.
  Where does the RealmLoginModule get the connection information for the OC4J or LDAP- server from?
  Do I have to deliver the security information (jazn.xml file) to the client (I dont want to expose all this information to the Hackers on the client side)?
  Is there a way to delegate the JAAS calls to the middle tier (a security provider , LoginModule, that does RMI-calls to an EJB-component)?
  Is there a way to do authorization with the BC4J interfaces on the client (something like boolean ApplikacitonModule.isUserInRole(Role) or javax.security.auth.Subject ApplikacitonModule.getSubject() or java.util.Set ApplikacitonModule.getPrincipalsForSubject())?
  I would like to get a javax.security.auth.Subject representing the user (and password)
  that is authenticated in the middle tier. This is the Subject (defined by username & password)),
  used for the JNDI lookup, and by the whole J2EE (EJB) security, when creating a root ApplicationModule.
  Is this possible?
  Regards
  Matthais Gerber

  Hi,
  In JDeveloper 9.0.3, BC4J has JAAS support in the middle-tier. You could set jbo.security.enforce to "Test" or "Must" on the application module using "Configuration...", "Edit" in JDev. If you are using the default Oracle 9iAS JAAS you will also need to include BC4J Security library in the project. The jdk\jre\lib\securtiy\java.security should have login.configuration.provider=oracle.security.jazn.spi.LoginConfigProvider.
  You do not need to create LoginContext, CallbackHandler, etc. in either your client app or business objects.
  If you are not using OC4J, you need to have another loginmodule that implement javax.security.auth.spi.LoginModule. You need to set the jbo.security.loginmodule with you loginmodule name, include the class or jar in your library, specify the jaas config file on the java runtime option.
  Please refer to 9.0.3 online help "Working with Security in BC4J" for more information.
  Thanks,
  Yvonn

• Using JAAS without config text files

  Hi everybody,
  I'm trying to develop an application using JAAS for authentication and authorization, but I don't want to depend on the text files for configuration.
  This application is going to be distributed using Webstart, so I don't know which configuration the user will have.
  Is there anyway to bypass these files?
  Thanks a lot,
  Luis Javier

  For the LoginModule part, you could try to set your own Configuration object.
  Ses javax.security.auth.login.Configuration.setConfiguration
  You should be able to inherit from Configuration and provide your own method to
  provide AppConfigEntries.