You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Pierre-Arnaud Marcelot (JIRA)" <ji...@apache.org> on 2010/10/22 17:20:23 UTC

[jira] Created: (DIRSERVER-1573) CRAM-MD5 Authentication does not work when password is stored in a crypted form

CRAM-MD5 Authentication does not work when password is stored in a crypted form
-------------------------------------------------------------------------------

                 Key: DIRSERVER-1573
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1573
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-RC1
            Reporter: Pierre-Arnaud Marcelot
            Priority: Critical
             Fix For: 2.0.0-RC1


CRAM-MD5 Authentication does not work when password is stored in a crypted form.

When password is stored as plaintext, authentication succeeds.
When password is stored encrypted, using {MD5} for example, then authentication fails with the following exception:
"javax.security.sasl.SaslException: Invalid response".
This exception is thrown in class BindHandler at line 297.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (DIRSERVER-1573) CRAM-MD5 Authentication does not work when password is stored in a crypted form

Posted by "Pierre-Arnaud Marcelot (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre-Arnaud Marcelot closed DIRSERVER-1573.
---------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 2.0.0-RC1)
         Assignee: Pierre-Arnaud Marcelot

As stated by Wikipedia:
Need to secure server: The server needs access to the users' plain text passwords. Therefore it must take additional care to secure these passwords. Typically by using reversable cryptography.

http://en.wikipedia.org/wiki/CRAM-MD5

Closing the jira as invalid.

> CRAM-MD5 Authentication does not work when password is stored in a crypted form
> -------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1573
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1573
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Pierre-Arnaud Marcelot
>            Assignee: Pierre-Arnaud Marcelot
>            Priority: Critical
>
> CRAM-MD5 Authentication does not work when password is stored in a crypted form.
> When password is stored as plaintext, authentication succeeds.
> When password is stored encrypted, using {MD5} for example, then authentication fails with the following exception:
> "javax.security.sasl.SaslException: Invalid response".
> This exception is thrown in class BindHandler at line 297.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.