You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Chris Custine (JIRA)" <di...@incubator.apache.org> on 2007/04/15 22:01:15 UTC

[jira] Created: (DIR-210) Cached credentials checking doesn't work with Hashed passwords

Cached credentials checking doesn't work with Hashed passwords
--------------------------------------------------------------

                 Key: DIR-210
                 URL: https://issues.apache.org/jira/browse/DIR-210
             Project: Directory
          Issue Type: Bug
            Reporter: Chris Custine
         Assigned To: Alex Karasulu


Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DIR-210) Cached credentials checking doesn't work with Hashed passwords

Posted by "Chris Custine (JIRA)" <di...@incubator.apache.org>.

     [ https://issues.apache.org/jira/browse/DIR-210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Custine updated DIR-210:
------------------------------

    Attachment: DIR-210.diff

This patch fixes this issue by refactoring hashed password checking to a new method and adds a call to it as a fall through if the check against the credentials cache doesn't match.  

> Cached credentials checking doesn't work with Hashed passwords
> --------------------------------------------------------------
>
>                 Key: DIR-210
>                 URL: https://issues.apache.org/jira/browse/DIR-210
>             Project: Directory
>          Issue Type: Bug
>            Reporter: Chris Custine
>         Assigned To: Alex Karasulu
>         Attachments: DIR-210.diff
>
>
> Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DIRSERVER-901) Cached credentials checking doesn't work with Hashed passwords

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-901:
----------------------------------------

    Affects Version/s: 1.5.0
        Fix Version/s: 1.5.1
             Assignee: Emmanuel Lecharny  (was: Alex Karasulu)

Is it affecting 1.0.x? To be confirmed.

> Cached credentials checking doesn't work with Hashed passwords
> --------------------------------------------------------------
>
>                 Key: DIRSERVER-901
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-901
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Chris Custine
>         Assigned To: Emmanuel Lecharny
>             Fix For: 1.5.1
>
>         Attachments: DIR-210.diff
>
>
> Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (DIRSERVER-901) Cached credentials checking doesn't work with Hashed passwords

Posted by "Chris Custine (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Custine closed DIRSERVER-901.
-----------------------------------


> Cached credentials checking doesn't work with Hashed passwords
> --------------------------------------------------------------
>
>                 Key: DIRSERVER-901
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-901
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Chris Custine
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.1
>
>         Attachments: DIR-210.diff
>
>
> Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DIRSERVER-901) Cached credentials checking doesn't work with Hashed passwords

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DIRSERVER-901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12488986 ] 

Emmanuel Lecharny commented on DIRSERVER-901:
---------------------------------------------

This patch will work for 1.5.0 version, not for 1.0.x.

We have to check that the problem exists in 1.0.x

> Cached credentials checking doesn't work with Hashed passwords
> --------------------------------------------------------------
>
>                 Key: DIRSERVER-901
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-901
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Chris Custine
>         Assigned To: Alex Karasulu
>             Fix For: 1.5.1
>
>         Attachments: DIR-210.diff
>
>
> Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (DIRSERVER-901) Cached credentials checking doesn't work with Hashed passwords

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRSERVER-901.
-----------------------------------------

    Resolution: Fixed

Applied patch :
http://svn.apache.org/viewvc?view=rev&rev=529082

> Cached credentials checking doesn't work with Hashed passwords
> --------------------------------------------------------------
>
>                 Key: DIRSERVER-901
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-901
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: Chris Custine
>         Assigned To: Alex Karasulu
>         Attachments: DIR-210.diff
>
>
> Checking passwords against the credentials cache doesn't take into account Hashed passwords.  The easiest solutions are to refactor the hashed password code from first time authentication attempts and re-use it for checking against the credentials cache or store the digested credentials in the cache.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.