Hi,

I have a doubt regarding JAAS implementation.

Suppose I am using JAAS for implementing a Pluggable Authentication Module for a stand alone java application (Not J2EE) and LoginModule uses native OS authentication mechanism to authenticate users.

In this case where should I keep my JAAS policy file.

In all the tutorials which I come across, JAAS policy file is kept with the code in client machine.So how do we hide file from user. I dont want user modify the policy file and alter the previlages.

Can somebody give some insights regarding this.

Thanks