Appendix F - OS/390 LoginModule

Name of the LoginModule :

The OS390LoginModule is in package com.ibm.security.auth.module.

Notes about LoginModule :

There are two types of logins that are allowed with this LoginModule: passive and active login.

If no CallbackHandler was specified on the creation of the LoginContext that is utilizing the OS390LoginModule, then the underlying operating system is queried for the current identity which is used to create a Subject. This is a passive login.

However, if a CallbackHandler was specified, then this OS390LoginModule drives a NameCallback and a PasswordCallback to get user information which in turn is used in a SAF (RACF®) call to verify the userid and password. After the userid and password are verified, a Subject is created with this information. This is an active login. The Callback classes are part of the javax.security.auth.callback package.

Also, the OS390LoginModule ignores the sharedState parameter. The JAAS HelloWorld example code can be modified to use this LoginModule by using the helloOS390.config file instead of using the hello.config file. Look at {$java.home}/demo/jaas for this configuraiton file.