Qpid
  1. Qpid
  2. QPID-4475

Web management plugin support for PLAIN SASL mechanism

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.21
    • Fix Version/s: 0.20, 0.21
    • Component/s: Java Broker
    • Labels:
      None

      Description

      The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

      If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open In Progress In Progress
        5h 3m 1 Robbie Gemmell 27/Nov/12 14:04
        In Progress In Progress Reviewable Reviewable
        2h 38m 1 Robbie Gemmell 27/Nov/12 16:43
        Reviewable Reviewable Resolved Resolved
        21m 48s 1 Rob Godfrey 27/Nov/12 17:05
        Resolved Resolved Closed Closed
        806d 3h 1m 1 Rob Godfrey 11/Feb/15 20:06
        Rob Godfrey made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        Robbie Gemmell added a comment -

        Now merged to the 0.20 release branch.

        Show
        Robbie Gemmell added a comment - Now merged to the 0.20 release branch.
        Hide
        Justin Ross added a comment -

        Reviewed by Rob. Approved for 0.20.

        Show
        Justin Ross added a comment - Reviewed by Rob. Approved for 0.20.
        Justin Ross made changes -
        Fix Version/s 0.20 [ 12323548 ]
        Fix Version/s 0.21 [ 12323549 ]
        Rob Godfrey made changes -
        Status Ready To Review [ 10006 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Rob Godfrey added a comment -

        Looks good to me

        Show
        Rob Godfrey added a comment - Looks good to me
        Robbie Gemmell made changes -
        Assignee Robbie Gemmell [ gemmellr ] Rob Godfrey [ rgodfrey ]
        Hide
        Robbie Gemmell added a comment -

        Rob, could you review this please?

        Show
        Robbie Gemmell added a comment - Rob, could you review this please?
        Hide
        Robbie Gemmell added a comment -
        Show
        Robbie Gemmell added a comment - Change made in http://svn.apache.org/viewvc?rev=1414256&view=rev
        Robbie Gemmell made changes -
        Status In Progress [ 3 ] Ready To Review [ 10006 ]
        Robbie Gemmell made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Robbie Gemmell made changes -
        Assignee Robbie Gemmell [ gemmellr ]
        Keith Wall made changes -
        Link This issue depends upon QPID-4462 [ QPID-4462 ]
        Keith Wall made changes -
        Link This issue depends upon QPID-4462 [ QPID-4462 ]
        Hide
        Keith Wall added a comment -

        This should be a case of extending the web-management module so that the client selects an appropriate mechanism from those advertised by the server from the http://localhost:8080/rest/sasl.

        Show
        Keith Wall added a comment - This should be a case of extending the web-management module so that the client selects an appropriate mechanism from those advertised by the server from the http://localhost:8080/rest/sasl .
        Keith Wall made changes -
        Field Original Value New Value
        Description The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

        If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.






        Caused by: javax.security.sasl.SaslException: Unknown mechanism: CRAM-MD5

                at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager.createSaslServer(SimpleLDAPAuthenticationManager.java:193)

                at org.apache.qpid.server.security.SubjectCreator.createSaslServer(SubjectCreator.java:74)
        The web management module of the Java Broker should be enhanced to allow for the use of the PLAIN SASL mechanism. This would allow the web-management module to be used with the SimpleLDAPAuthenticationManager (which requires PLAIN as it must pass a clear-text password through to the LDAP server).

        If PLAIN is in-use, then the Broker should restrict the web management to a secure protocol in order to avoid the transmision of user password in clear-text across the wire.

        Keith Wall created issue -

          People

          • Assignee:
            Rob Godfrey
            Reporter:
            Keith Wall
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development