Posted to issues@karaf.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/07/17 12:09:00 UTC

[jira] [Commented] (KARAF-6359) Clients can log in with encrypted passwords

    [ https://issues.apache.org/jira/browse/KARAF-6359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16886989#comment-16886989 ] 

ASF GitHub Bot commented on KARAF-6359:
---------------------------------------

coheigea commented on pull request #902: KARAF-6359 - Clients can log in with encrypted passwords
URL: https://github.com/apache/karaf/pull/902
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Clients can log in with encrypted passwords
> -------------------------------------------
>
>                 Key: KARAF-6359
>                 URL: https://issues.apache.org/jira/browse/KARAF-6359
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.2.6
>            Reporter: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 4.3.0, 4.2.7
>
>
> https://issues.apache.org/jira/browse/KARAF-5316 introduced a regression in Karaf 4.2.0, that clients could log in using encrypted passwords. So for example, if you enable JAAS encryption, and run bin/client it logs in without prompting for a password - as the JAAS code falls back to comparing the received (encrypted) password directly against the stored value. In 4.1.x, it always prompted for a password when encryption was enabled. IMO the 4.1.x behavior was the correct one.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
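
The fallback described in the issue, as a simplified model added here (it is not Karaf's code and not the change in pull request #902): a check that also compares the received value literally against the stored one accepts the stored encrypted string itself as a credential. The class and method names, the `{ENC}` marker and the use of SHA-256 are assumptions made for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class EncryptedPasswordCheck {
    // Constructed marker for stored digests; not taken from Karaf's configuration.
    static final String MARK = "{ENC}";

    // SHA-256 stands in for whatever algorithm the deployment configures.
    static String encrypt(String plain) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(plain.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(MARK);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.append(MARK).toString();
    }

    // Constant-time string comparison.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Flawed: when the digest of the input does not match, the raw input is
    // compared to the stored value, so the stored string itself authenticates.
    static boolean checkWithFallback(String received, String stored)
            throws NoSuchAlgorithmException {
        return same(encrypt(received), stored) || same(received, stored);
    }

    // Hardened: a stored value carrying the marker is only ever compared to
    // the digest of the input; literal comparison is kept for plain entries.
    static boolean checkStrict(String received, String stored)
            throws NoSuchAlgorithmException {
        boolean storedIsEncrypted = stored.startsWith(MARK) && stored.endsWith(MARK);
        return storedIsEncrypted ? same(encrypt(received), stored)
                                 : same(received, stored);
    }

    public static void main(String[] args) throws Exception {
        String plain = "s3cret-constructed";   // constructed sample credential
        String stored = encrypt(plain);        // what the user store would hold
        System.out.println("fallback, plaintext:    " + checkWithFallback(plain, stored));
        System.out.println("fallback, stored value: " + checkWithFallback(stored, stored));
        System.out.println("strict, plaintext:      " + checkStrict(plain, stored));
        System.out.println("strict, stored value:   " + checkStrict(stored, stored));
    }
}
```

A regression test for this class of bug submits the stored value as the password and asserts that authentication fails.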