Hi
Only basic is implemented. I found digest unecessary since SSL is available,
it can be easily implmented if required
What about a login(username, password) RMI method, that will go with SSL and
will be therfore protected. However, I think the best bet is to use client
authentication with certificates since that should be transparent and handled
at the SSL Factory level

Do you want to use JAAS to implement MBeanServer wide authentication, that
every adaptor will use?

Hi,
Yes, I was thinking at login(username, password), but it cannot go over SSL on this one only, unless providing another remote object that act as authenticator (which may be a good choice).
Once you export the RMI adaptor, either you export it over SSL or not. You cannot have some method yes and some no.
Yes, exactly.
But it is really damn slow.
So I guess 95% of users would like to have a weak authentication only to keep out curioses (of course hackers will access eventually, but if there are hackers around I will go full SSL).
So I send user and password in clear, not even base64, just plain text.
That would be the desiderata, but it is not so simple, since I should have callbacks on client and authentication on server...
JAAS is a very base framework, you have to build something around it in every case. The goal is to build something extendible, powerful, reusable, simple and fast around JAAS for our Adaptors ;)

Anyhow we can go 1.0 and think more about that for 1.1.

Simon