Posted to issues@activemq.apache.org by "Christopher L. Shannon (JIRA)" <ji...@apache.org> on 2015/09/20 17:00:05 UTC
[jira] [Resolved] (AMQ-5860) Encrypt connectionPassword in login.conf file when using LDAPLoginModule
[ https://issues.apache.org/jira/browse/AMQ-5860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher L. Shannon resolved AMQ-5860.
-----------------------------------------
Resolution: Fixed
I have applied this to master. A password can now be encrypted using the same encrypted password strategy as described here: http://activemq.apache.org/encrypted-passwords.html
An example of how to configure this is below:
{noformat}
LdapConfiguration {
    org.apache.activemq.jaas.EncryptableLDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://ldap.acme.com:389"
        connectionUsername="cn=mqbroker,ou=Services,dc=acme,dc=com"
        connectionPassword="ENC(yourEncryptedPasswordHere)"
        connectionProtocol=s
        authentication=simple
        userBase="ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
        userRoleName=dummyUserRoleName
        userSearchMatching="(uid={0})"
        userSearchSubtree=false
        roleBase="ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
        roleName=cn
        roleSearchMatching="(member:=uid={1})"
        roleSearchSubtree=true
        encryptionPassword="encryptionPasswordHere"
    ;
};
{noformat}
Note the use of {{org.apache.activemq.jaas.EncryptableLDAPLoginModule}}. Also, the plaintext password can either be provided by setting {{encryptionPassword}} with it as a property, or the environment property {{ACTIVEMQ_ENCRYPTION_PASSWORD}} can be set and it will be looked up. Setting {{ACTIVEMQ_ENCRYPTION_PASSWORD}} as an environment variable is also described in the URL documentation above.
The wiki page is having issues loading right now but when it is fixed I will add this information to the wiki.
> Encrypt connectionPassword in login.conf file when using LDAPLoginModule
> ------------------------------------------------------------------------
>
> Key: AMQ-5860
> URL: https://issues.apache.org/jira/browse/AMQ-5860
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 5.11.1
> Reporter: JIE CHEN
> Assignee: Christopher L. Shannon
> Priority: Critical
>
> Currently the connectionPassword can only be clear text in the login.conf file if using LDAPLoginModule. It is important to encrypt the password; otherwise it will be a big security issue in some use cases.
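An added example, not part of the original message or of ActiveMQ's code: a small Python check that reads a JAAS login configuration and flags LDAP entries whose connectionPassword is still plaintext, that use ENC(...) with a module other than the EncryptableLDAPLoginModule named in the comment above, or that keep encryptionPassword in the same file as the ciphertext. The sample config, entry names and finding labels are constructed for illustration.

```python
import re

# Constructed sample config: entry names and secrets are placeholders.
SAMPLE = """\
Good {
    org.apache.activemq.jaas.EncryptableLDAPLoginModule required
        connectionPassword="ENC(placeholderCiphertext)"
        userSearchMatching="(uid={0})";
};
InlineKey {
    org.apache.activemq.jaas.EncryptableLDAPLoginModule required
        connectionPassword="ENC(placeholderCiphertext)"
        encryptionPassword="placeholderKey";
};
WrongModule {
    org.apache.activemq.jaas.LDAPLoginModule required
        connectionPassword="ENC(placeholderCiphertext)";
};
Plain {
    org.apache.activemq.jaas.LDAPLoginModule required
        connectionPassword="placeholderSecret";
};
"""

ENTRY = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)        # Name { ... };
OPTION = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\S+))')   # key="v" or key=v

def audit(text):
    """Return (entry, finding) pairs for LDAP bind-password handling."""
    findings = []
    for name, body in ENTRY.findall(text):
        tokens = body.split()
        opts = {key: quoted or bare for key, quoted, bare in OPTION.findall(body)}
        pw = opts.get("connectionPassword")
        if not tokens or pw is None:
            continue
        if not (pw.startswith("ENC(") and pw.endswith(")")):
            findings.append((name, "plaintext-password"))
        elif not tokens[0].endswith(".EncryptableLDAPLoginModule"):
            # Assumption from the comment above: this is the module to use with ENC().
            findings.append((name, "enc-value-without-encryptable-module"))
        if "encryptionPassword" in opts:
            # Anyone who can read the file gets the key and the ciphertext together;
            # ACTIVEMQ_ENCRYPTION_PASSWORD keeps the key out of the file.
            findings.append((name, "key-stored-beside-ciphertext"))
    return findings

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE):
        print(f"{entry}: {finding}")
```
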