[ https://issues.apache.org/jira/browse/KARAF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13899080#comment-13899080 ]
Jean-Baptiste Onofré commented on KARAF-2754:
---------------------------------------------
Hi Freeman,
Are you sure about your change, especially the way to change the password (and
putting it in clear)?
I'm going to test it (or maybe you already tested it?).
I agree to call encrypt password at "startup" to crypt all passwords in a row,
but users may want to re-type the password in clear (without the prefix/suffix,
{CRYPT} by default) in order to "re-encrypt" it again.
Thanks anyway!
Regards
JB
> all password should be encrypted when encryption.enabled is true
> ----------------------------------------------------------------
>
> Key: KARAF-2754
> URL: https://issues.apache.org/jira/browse/KARAF-2754
> Project: Karaf
> Issue Type: Improvement
> Reporter: Freeman Fang
> Assignee: Freeman Fang
> Fix For: 2.4.0, 3.0.1, 2.3.4
>
>
> if we set
> {code}
> encryption.enabled = true
> {code}
> in etc/org.apache.karaf.jaas.cfg, and we have
> {code}
> admin = admin,admin
> testuser=testpwd,admin
> {code}
> in etc/users.properties
> then if we log in with user admin, we can see the admin password encrypted
> {code}
> admin = {CRYPT}21232f297a57a5a743894a0e4a801fc3{CRYPT},admin
> testuser=testpwd,admin
> {code}
> However, if there are 100s of users defined inside the
> "etc/users.properties" file, then it becomes a security hole, and it is complex to
> connect to Karaf one by one using different credentials in order to get the
> encrypted passwords inside the file "etc/users.properties". We should encrypt
> them all in one go if we set encryption.enabled = true
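An added example, not part of the original message or of Karaf's own code: a small audit that lists which entries in a users.properties file still hold a clear-text password, that is, lack the {CRYPT} prefix/suffix discussed above. The sample file is constructed, and skipping keys that start with `_g_` (treated here as group definitions) is an assumption.

```python
"""Audit a Karaf etc/users.properties for passwords still stored in clear."""

PREFIX = SUFFIX = "{CRYPT}"  # default marker named in the comment above


def is_wrapped(password, prefix=PREFIX, suffix=SUFFIX):
    """True only if the value carries both markers around a non-empty body."""
    return (len(password) > len(prefix) + len(suffix)
            and password.startswith(prefix)
            and password.endswith(suffix))


def audit(text, prefix=PREFIX, suffix=SUFFIX):
    """Return [(line_no, user)] for entries whose password is not wrapped.

    Only user names and line numbers are returned, never password values.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # blank line, comment, or not a key=value entry
        user, value = (part.strip() for part in line.split("=", 1))
        if user.startswith("_g_"):
            continue  # assumption: "_g_" keys are group definitions, no password
        password = value.split(",", 1)[0].strip()  # format: password,role1,role2
        if not is_wrapped(password, prefix, suffix):
            findings.append((line_no, user))
    return findings


# Constructed sample: the two entries from the issue after only "admin" has
# logged in, plus a constructed entry that has the prefix but no suffix.
SAMPLE = """\
# constructed sample users.properties
admin = {CRYPT}21232f297a57a5a743894a0e4a801fc3{CRYPT},admin
testuser=testpwd,admin
broken = {CRYPT}abc,admin
"""

if __name__ == "__main__":
    for line_no, user in audit(SAMPLE):
        print(f"line {line_no}: user '{user}' has a password stored in clear")
```

If a deployment overrides the prefix or suffix, pass the configured values to `audit()` instead of the defaults.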