[ https://issues.apache.org/jira/browse/KARAF-6359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang resolved KARAF-6359. --------------------------------- Resolution: Fixed > Clients can log in with encrypted passwords > ------------------------------------------- > > Key: KARAF-6359 > URL: https://issues.apache.org/jira/browse/KARAF-6359 > Project: Karaf > Issue Type: Bug > Affects Versions: 4.2.6 > Reporter: Colm O hEigeartaigh > Assignee: Freeman Fang > Priority: Major > Fix For: 4.3.0, 4.2.7 > > > https://issues.apache.org/jira/browse/KARAF-5316 introduced a regression in > Karaf 4.2.0, that clients could log in using encrypted passwords. So for > example, if you enable JAAS encryption, and run bin/client it logs in without > prompting for a password - as the JAAS code falls back to comparing the > received (encrypted) password directly against the stored value. In 4.1.x, it > always prompted for a password when encryption as enabled. IMO the 4.1.x > behavior was the correct one. -- This message was sent by Atlassian JIRA (v7.6.14#76016)