You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2003/01/28 21:38:24 UTC
DO NOT REPLY [Bug 16511] New: -
no-secure passwords not allowed with LDAP
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511
no-secure passwords not allowed with LDAP
Summary: no-secure passwords not allowed with LDAP
Product: Jetspeed
Version: 1.4b3
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Security
AssignedTo: jetspeed-dev@jakarta.apache.org
ReportedBy: fabien.toral@c-s.fr
Login cause a StringIndexOutOfBoundsException in LDAPAuthentication.java at line
145 (Jetspeed 1.4b3) when services.JetspeedSecurity.secure.passwords=false
The password is stored in plain-text in LDAP, but when LDAPAuthenticatio.login()
method checks it, there is a test for an encrypted password.
Sorry, but i've no patch to submit, i discoverd this with a bad configuration
file, because we use always secure passwords.
This bug could comes with bug# 14914
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>