You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Edmund Urbani <em...@liland.org> on 2005/08/09 16:36:21 UTC

weird authentication problem

hi all!

while setting up a slide repository i came across this strange problem:
it appears that slide accepts ANY password for any user in the system. 
my config is not very different from the standard slide 2.1 
configuration, so i don't see how this could have happend. i have been 
modifying ACLs and also created new users by adding directories in the 
/slide/users dir and setting their password property.

has anybody had this problem before?

 Edmund


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: weird authentication problem

Posted by Edmund Urbani <em...@liland.org>.

Michael Oliver wrote:

>It sounds to me like you actually didn't turn on security or you are using
>one realm and setting values in another, but no we have several instances
>and several different authentication and security options including Tomcat
>realms, slide realms and JAAS/JNDI realms, they all work, without showing
>this behavior.
>
>Michael Oliver
>CTO
>Alarius Systems LLC
>6800 E. Lake Mead Blvd, #1096
>Las Vegas, NV 89156
>Phone:(702)643-7425
>Fax:(702)974-0341
>*Note new email changed from oliverm@matrix-media.com
>-----Original Message-----
>From: Edmund Urbani [mailto:emu@liland.org] 
>Sent: Tuesday, August 09, 2005 7:36 AM
>To: Slide Users Mailing List
>Subject: weird authentication problem
>
>
>hi all!
>
>while setting up a slide repository i came across this strange problem:
>it appears that slide accepts ANY password for any user in the system. 
>my config is not very different from the standard slide 2.1 
>configuration, so i don't see how this could have happend. i have been 
>modifying ACLs and also created new users by adding directories in the 
>/slide/users dir and setting their password property.
>
>has anybody had this problem before?
>
> Edmund
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>  
>
it used to work for me as well. i have no idea what i did to my slide 
server to cause this behaviour.
i'd really like to know, so i can avoid it in the future.

this is from my slide.properties:
# Automatically perform security checks
# Default : true
org.apache.slide.security=true

and that's from the server.xml:
        <Context path="/slide" debug="0" privileged="true" useNaming="true">
          <Realm className="org.apache.catalina.realm.JAASRealm"
            appName="slide_login"
            userClassNames="org.apache.slide.jaas.spi.SlidePrincipal"
            roleClassNames="org.apache.slide.jaas.spi.SlideRole"
            name="Slide DAV Server"
            useContextClassLoader="false" />
        </Context>

looks fine and pretty much standard to me. i didn't change anything 
about the security-store either.
slide version is 2.2pre1.

slide won't allow me to login without a valid username. it's just that 
the password doesn't matter.

 Edmund


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

RE: weird authentication problem

Posted by Michael Oliver <ol...@alariussystems.com>.

It sounds to me like you actually didn't turn on security or you are using
one realm and setting values in another, but no we have several instances
and several different authentication and security options including Tomcat
realms, slide realms and JAAS/JNDI realms, they all work, without showing
this behavior.

Michael Oliver
CTO
Alarius Systems LLC
6800 E. Lake Mead Blvd, #1096
Las Vegas, NV 89156
Phone:(702)643-7425
Fax:(702)974-0341
*Note new email changed from oliverm@matrix-media.com
-----Original Message-----
From: Edmund Urbani [mailto:emu@liland.org] 
Sent: Tuesday, August 09, 2005 7:36 AM
To: Slide Users Mailing List
Subject: weird authentication problem


hi all!

while setting up a slide repository i came across this strange problem:
it appears that slide accepts ANY password for any user in the system. 
my config is not very different from the standard slide 2.1 
configuration, so i don't see how this could have happend. i have been 
modifying ACLs and also created new users by adding directories in the 
/slide/users dir and setting their password property.

has anybody had this problem before?

 Edmund


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org