[jira] [Commented] (KARAF-4490) LDAPLoginModule use authentication to check user password

JIRA Fri, 28 Jul 2017 06:22:39 -0700

    [ 
https://issues.apache.org/jira/browse/KARAF-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16104933#comment-16104933
 ]


Jean-Baptiste Onofré commented on KARAF-4490:
---------------------------------------------

master (4.2.0-SNAPSHOT) is not affected as it checks the authentication with 
credentials.

> LDAPLoginModule use authentication to check user password
> ---------------------------------------------------------
>
>                 Key: KARAF-4490
>                 URL: https://issues.apache.org/jira/browse/KARAF-4490
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.4
>            Reporter: Alexandre Cartapanis
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.1.2, 4.0.10
>
>
> The {{LDAPLoginModule}} uses the {{authentication}} property to authenticate 
> to the LDAP server, but also use it to check user password (step 2). If 
> {{authentication}} is set to "none" for exemple, it will validate any 
> password provided by user.
> In 
> https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java#L124,
>  {{authentication}} should be set to "simple".



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KARAF-4490) LDAPLoginModule use authentication to check user password

Reply via email to