Karaf / KARAF-6359

Clients can log in with encrypted passwords


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.6
    • Fix Version/s: 4.3.0, 4.2.7
    • Component/s: None
    • Labels:
      None

      Description

      https://issues.apache.org/jira/browse/KARAF-5316 introduced a regression in Karaf 4.2.0, that clients could log in using encrypted passwords. So for example, if you enable JAAS encryption, and run bin/client it logs in without prompting for a password - as the JAAS code falls back to comparing the received (encrypted) password directly against the stored value. In 4.1.x, it always prompted for a password when encryption was enabled. IMO the 4.1.x behavior was the correct one.
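
The comparison flaw the description reports, as an added Java illustration that is not Karaf's code and not part of the original report: the class and method names, the marker format and the unsalted SHA-256 digest are assumptions chosen to keep it self-contained. `checkWithFallback` treats the stored value itself as a valid credential, while `checkStrict` always digests what the client sent before comparing.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class EncryptedPasswordCheck {
    // Constructed storage format (assumption): marker + hex(SHA-256(password)) + marker.
    static final String MARK = "{CRYPT}";

    // Unsalted digest only to keep the example short; not a storage recommendation.
    static String encrypt(String plain) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(plain.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(MARK);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.append(MARK).toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static boolean sameValue(String a, String b) {
        // MessageDigest.isEqual compares in constant time for equal-length inputs.
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Behaviour described in the report: a direct comparison of the received
    // value against the stored one, so the stored value works as a password.
    static boolean checkWithFallback(String received, String stored) {
        return sameValue(encrypt(received), stored) || sameValue(received, stored);
    }

    // Strict check: the received value is always digested first, so a copy of
    // the stored value no longer authenticates.
    static boolean checkStrict(String received, String stored) {
        return sameValue(encrypt(received), stored);
    }

    public static void main(String[] args) {
        String stored = encrypt("constructed-sample-password");
        System.out.println("fallback, real password: " + checkWithFallback("constructed-sample-password", stored));
        System.out.println("fallback, stored value:  " + checkWithFallback(stored, stored));
        System.out.println("strict, real password:   " + checkStrict("constructed-sample-password", stored));
        System.out.println("strict, stored value:    " + checkStrict(stored, stored));
    }
}
```

With the fallback in place, read access to the credential store is enough to authenticate, which removes the protection that storing passwords encrypted is meant to provide.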


              People

              • Assignee:
                ffang Freeman Yue Fang
                Reporter:
                coheigea Colm O hEigeartaigh