Name: bsC130419 Date: 08/13/2001


java version "1.3.0_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_02)
Java HotSpot(TM) Client VM (build 1.3.0_02, mixed mode)


We do not see anywhere in JAAS documentation how we can pass username and
password from an application to LoginModule when no callback handler is
installed by the application.

We did see in FAQ that there are two property names
"javax.security.auth.login.name" and "javax.security.auth.login.password" to
share password between login modules. But the question remains how to pass the
username/password for the first time from the application to JAAS Module
programmatically.

We don't see any variation of LoginContext() constructors that allow an
application to set shared state properties or options. Only way seems to be by
setting the username/password as options in configuration file which needless to
say would not only be insufficient and limiting, but also a security risk.
(Review ID: 129928)
======================================================================