You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/03/02 16:43:45 UTC
[jira] [Commented] (KARAF-4968) LDAPLoginModule does not correctly
implement login method
[ https://issues.apache.org/jira/browse/KARAF-4968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15892575#comment-15892575 ]
ASF GitHub Bot commented on KARAF-4968:
---------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/karaf/pull/276
> LDAPLoginModule does not correctly implement login method
> ---------------------------------------------------------
>
> Key: KARAF-4968
> URL: https://issues.apache.org/jira/browse/KARAF-4968
> Project: Karaf
> Issue Type: Bug
> Components: karaf-security
> Affects Versions: 4.0.8
> Reporter: Stijn Strickx
> Assignee: Guillaume Nodet
> Priority: Minor
> Fix For: 4.0.9, 4.1.1
>
>
> When the LDAPLoginModule fails to authenticate a user, given the provided credentials, the login() method will return false.
> This is incorrect behavior as explained in the JAAS Dev Guide: http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASLMDevGuide.html#login
> The login() method should throw a LoginException in that case. Returning false actually tells the LoginContext that this LoginModule should be ignored.
> As long as the LDAPLoginModule is the only LoginModule configured within a Realm, the resulting behavior from the LoginContext is as expected. The problem becomes apparent when using the LDAPLoginModule as one of multiple LoginModules defined within a Realm. If, for example, all LoginModules their flags are set to "required", a failure to login in the LDAPLoginModule will just be ignored (while it logs a warning about invalid credentials) as long as the other LoginModules were able to do a successful login. This is not the expected behavior since the LDAPLoginModule is also configured to be "required".
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)