[omniORB] username authentication and user-permissions on method calls

dave giffin givdav01 at yahoo.com
Sun Aug 22 23:59:21 BST 2004


I am writing a server in python that uses omniorb to
recieve calls from corba clients. omniorb works well.


I would like to implement user permissions on my
server, so that I can set a certain linux user can
call certain groups of functions but not others.

I am not sure how to implement these permissions? Has
anyone else tried this? Does anyone have any
suggestions?


I am thinking of creating a linux user-group for each
group of related functions. Then when before each
function is executed, the server would check to see if
the user is in the linux group that corresponds to
this group of functions.


I am not sure if this approach is the best, though I
think it wouldn't be that hard to setup and easy to
administer (rather than permissions for each
function).


But, I don't know how I should carry the username and
password of a user at the client.

Should the username/password be sent with each
function? 

Or does corba have a system to send the
username-password when once, at the beginning of each
session (such as a protocol like FTP)?


Some of my corba clients are java applets using java's
built in corba support (which doesn't seem to support
SSL), so how can I encrypt the password to keep it
immune from playback attacks.

:)



		
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush



More information about the omniORB-list mailing list