Qpid
  1. Qpid
  2. QPID-4475

Web management plugin support for PLAIN SASL mechanism

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.21
    • Fix Version/s: 0.20, 0.21
    • Component/s: Java Broker
    • Labels:
      None

      Description

      The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

      If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.

        Activity

        Keith Wall created issue -
        Keith Wall made changes -
        Field Original Value New Value
        Description The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

        If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.






        Caused by: javax.security.sasl.SaslException: Unknown mechanism: CRAM-MD5

                at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager.createSaslServer(SimpleLDAPAuthenticationManager.java:193)

                at org.apache.qpid.server.security.SubjectCreator.createSaslServer(SubjectCreator.java:74)
        The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

        If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.

        Keith Wall made changes -
        Link This issue depends upon QPID-4462 [ QPID-4462 ]
        Keith Wall made changes -
        Link This issue depends upon QPID-4462 [ QPID-4462 ]
        Robbie Gemmell made changes -
        Assignee Robbie Gemmell [ gemmellr ]
        Robbie Gemmell made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Robbie Gemmell made changes -
        Status In Progress [ 3 ] Ready To Review [ 10006 ]
        Robbie Gemmell made changes -
        Assignee Robbie Gemmell [ gemmellr ] Rob Godfrey [ rgodfrey ]
        Rob Godfrey made changes -
        Status Ready To Review [ 10006 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Justin Ross made changes -
        Fix Version/s 0.20 [ 12323548 ]
        Fix Version/s 0.21 [ 12323549 ]
        Rob Godfrey made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Rob Godfrey
            Reporter:
            Keith Wall
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development