Posted to issues@activemq.apache.org by "Christopher L. Shannon (JIRA)" <ji...@apache.org> on 2015/09/20 17:00:05 UTC

[jira] [Resolved] (AMQ-5860) Encrypt connectionPassword in login,conf file when using LDAPLoginModule

     [ https://issues.apache.org/jira/browse/AMQ-5860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christopher L. Shannon resolved AMQ-5860.
-----------------------------------------
    Resolution: Fixed

I have applied this to master.  A password can now be encrypted using the same encrypted password strategy as described here: http://activemq.apache.org/encrypted-passwords.html

An example of how to configure this is below:


{noformat}
LdapConfiguration { 
   org.apache.activemq.jaas.EncryptableLDAPLoginModule required 
       debug=true
       initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory 
       connectionURL="ldap://ldap.acme.com:389"
       connectionUsername="cn=mqbroker,ou=Services,dc=acme,dc=com"
       connectionPassword="ENC(yourEncryptedPasswordHere)"
       connectionProtocol=s 
       authentication=simple 
       userBase="ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
       userRoleName=dummyUserRoleName 
       userSearchMatching="(uid={0})"
       userSearchSubtree=false
       roleBase="ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
       roleName=cn 
       roleSearchMatching="(member:=uid={1})"
       roleSearchSubtree=true
       encryptionPassword="encryptionPasswordHere"
       ; 
}; 
{noformat}

Note the use of {{org.apache.activemq.jaas.EncryptableLDAPLoginModule}}. Also, the plaintext password can either be provided by setting {{encryptionPassword}} with it as a property, or the environment property {{ACTIVEMQ_ENCRYPTION_PASSWORD}} can be set and it will be looked up. Setting {{ACTIVEMQ_ENCRYPTION_PASSWORD}} as an environment variable is also described in the URL documentation above.

The wiki page is having issues loading right now but when it is fixed I will add this information to the wiki.

> Encrypt connectionPassword in login,conf file when using LDAPLoginModule
> ------------------------------------------------------------------------
>
>                 Key: AMQ-5860
>                 URL: https://issues.apache.org/jira/browse/AMQ-5860
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.11.1
>            Reporter: JIE CHEN
>            Assignee: Christopher L. Shannon
>            Priority: Critical
>
> Currently the connectionPassword can only be clear text in the login.conf file if using LDAPLoginModule. It is important to encrypt the password, otherwise it will be a big security issue in some use cases.



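
An added example, not part of the original message or of ActiveMQ's own code: a small Python audit that parses a JAAS login.conf and reports LDAP login modules whose connectionPassword is clear text, is wrapped in ENC() under a module other than EncryptableLDAPLoginModule, or is encrypted with encryptionPassword stored in the same file. The entry names and sample values are constructed, and the parser assumes well-formed input.

```python
import os
import re

TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/|[{};=]|[^\s{};="]+', re.S)
ENC = re.compile(r'^ENC\(.+\)$')

def parse_jaas(text):
    """Tokenise (quoted strings first, comments dropped); return [(entry, module, opts)]."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(('//', '/*'))]
    out, i = [], 0
    while i < len(toks):
        entry, i = toks[i], i + 2              # entry name, then '{'
        while toks[i] != '}':
            module, i = toks[i], i + 2         # class name, then control flag
            opts = {}
            while toks[i] != ';':              # key = value triples
                opts[toks[i]] = toks[i + 2].strip('"')
                i += 3
            out.append((entry, module, opts))
            i += 1                             # past the module's ';'
        i += 2                                 # past '}' and ';'
    return out

def audit(text, env=os.environ):
    """Flag how each login module that sets connectionPassword stores it."""
    findings = []
    for entry, module, opts in parse_jaas(text):
        pw = opts.get('connectionPassword')
        if pw is None:
            continue
        if not ENC.match(pw):
            findings.append((entry, 'connectionPassword is clear text'))
        elif not module.endswith('.EncryptableLDAPLoginModule'):
            findings.append((entry, 'ENC() value but module is not EncryptableLDAPLoginModule'))
        elif 'encryptionPassword' in opts:
            findings.append((entry, 'encryptionPassword sits in the same file as the ciphertext'))
        elif not env.get('ACTIVEMQ_ENCRYPTION_PASSWORD'):
            findings.append((entry, 'ACTIVEMQ_ENCRYPTION_PASSWORD is not set'))
    return findings

# Constructed sample input (values are placeholders, not real credentials).
SAMPLE = '''
Plain { org.apache.activemq.jaas.LDAPLoginModule required connectionPassword="secret"; };
Inline { org.apache.activemq.jaas.EncryptableLDAPLoginModule required
    connectionPassword="ENC(constructedCiphertext)" encryptionPassword="key"; };
FromEnv { org.apache.activemq.jaas.EncryptableLDAPLoginModule required
    connectionPassword="ENC(constructedCiphertext)" userSearchMatching="(uid={0})"; };
'''

print('\n'.join(f'{entry}: {problem}' for entry, problem in audit(SAMPLE)))
```

The inline-key finding is a warning rather than an error: the configuration is valid, but anyone who can read login.conf then holds both the ciphertext and the key.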