Karaf / KARAF-6359

Clients can log in with encrypted passwords

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.6
    • Fix Version/s: 4.3.0, 4.2.7
    • Component/s: None
    • Labels: None

    Description

      https://issues.apache.org/jira/browse/KARAF-5316 introduced a regression in Karaf 4.2.0, that clients could log in using encrypted passwords. So for example, if you enable JAAS encryption, and run bin/client it logs in without prompting for a password - as the JAAS code falls back to comparing the received (encrypted) password directly against the stored value. In 4.1.x, it always prompted for a password when encryption was enabled. IMO the 4.1.x behavior was the correct one.

            People

              ffang Freeman Yue Fang
              coheigea Colm O hEigeartaigh
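
A minimal model of the fallback comparison this issue describes, set beside the strict check, as an added example that is not Karaf's code. The class and method names, the `{CRYPT}` marker and the unsalted SHA-256 digest standing in for JAAS encryption are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Illustrative model only: names and storage format are hypothetical, not Karaf's.
public class EncryptedPasswordCheck {
    static final String PREFIX = "{CRYPT}"; // constructed marker for a stored digest

    // Stand-in for the configured JAAS encryption (assumption: unsalted SHA-256, hex).
    static String encrypt(String plain) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(plain.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(PREFIX);
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Regressed behaviour from the description: when the digest check fails,
    // the received value is compared directly against the stored value.
    static boolean checkWithFallback(String received, String stored) {
        return constantTimeEquals(encrypt(received), stored)
                || constantTimeEquals(received, stored);
    }

    // 4.1.x-style behaviour: with encryption enabled, only the digest of the
    // received value is compared, so the stored form is never a valid credential.
    static boolean checkStrict(String received, String stored) {
        return constantTimeEquals(encrypt(received), stored);
    }

    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String plain = "s3cret-constructed";   // constructed sample password
        String stored = encrypt(plain);        // what the user store would hold
        System.out.println("fallback, plaintext:    " + checkWithFallback(plain, stored));
        System.out.println("fallback, stored value: " + checkWithFallback(stored, stored));
        System.out.println("strict,   plaintext:    " + checkStrict(plain, stored));
        System.out.println("strict,   stored value: " + checkStrict(stored, stored));
    }
}
```

A regression test for this class of bug asserts that presenting the stored value itself is rejected whenever encryption is enabled.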