You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Alexandre Cartapanis (JIRA)" <ji...@apache.org> on 2016/04/12 12:44:25 UTC
[jira] [Updated] (KARAF-4490) LDAPLoginModule use authentication to
check user password
[ https://issues.apache.org/jira/browse/KARAF-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexandre Cartapanis updated KARAF-4490:
----------------------------------------
Description:
The {{LDAPLoginModule}} uses the {{authentication}} property to authenticate to the LDAP server, but also use it to check user password (step 2). If {{authentication}} is set to "none" for exemple, it will validate any password provided by user.
In https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java#L124, {{authentication}} should be set to "simple".
was:
The {{LDAPLoginModule}} uses the {{authentication}} property to authenticate to the LDAP server, but also use it to check user password. If {{authentication}} is set to "none" for exemple, it will validate any password provided by user.
In https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java#L124, {{authentication}} should be set to "simple".
> LDAPLoginModule use authentication to check user password
> ---------------------------------------------------------
>
> Key: KARAF-4490
> URL: https://issues.apache.org/jira/browse/KARAF-4490
> Project: Karaf
> Issue Type: Bug
> Components: karaf-security
> Affects Versions: 4.0.4
> Reporter: Alexandre Cartapanis
>
> The {{LDAPLoginModule}} uses the {{authentication}} property to authenticate to the LDAP server, but also use it to check user password (step 2). If {{authentication}} is set to "none" for exemple, it will validate any password provided by user.
> In https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java#L124, {{authentication}} should be set to "simple".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)