You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2003/01/28 21:38:24 UTC

DO NOT REPLY [Bug 16511] New: - no-secure passwords not allowed with LDAP

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511

no-secure passwords not allowed with LDAP

           Summary: no-secure passwords not allowed with LDAP
           Product: Jetspeed
           Version: 1.4b3
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Security
        AssignedTo: jetspeed-dev@jakarta.apache.org
        ReportedBy: fabien.toral@c-s.fr


Login cause a StringIndexOutOfBoundsException in LDAPAuthentication.java at line
145 (Jetspeed 1.4b3) when services.JetspeedSecurity.secure.passwords=false

The password is stored in plain-text in LDAP, but when LDAPAuthenticatio.login()
method checks it, there is a test for an encrypted password.

Sorry, but i've no patch to submit, i discoverd this with a bad configuration
file, because we use always secure passwords.

This bug could comes with bug# 14914

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>