directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre-Arnaud Marcelot (JIRA)" <j...@apache.org>
Subject [jira] Closed: (DIRSERVER-1573) CRAM-MD5 Authentication does not work when password is stored in a crypted form
Date Fri, 22 Oct 2010 18:40:05 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pierre-Arnaud Marcelot closed DIRSERVER-1573.
---------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 2.0.0-RC1)
         Assignee: Pierre-Arnaud Marcelot

As stated by Wikipedia:
Need to secure server: The server needs access to the users' plain text passwords. Therefore
it must take additional care to secure these passwords. Typically by using reversable cryptography.

http://en.wikipedia.org/wiki/CRAM-MD5

Closing the jira as invalid.

> CRAM-MD5 Authentication does not work when password is stored in a crypted form
> -------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1573
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1573
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Pierre-Arnaud Marcelot
>            Assignee: Pierre-Arnaud Marcelot
>            Priority: Critical
>
> CRAM-MD5 Authentication does not work when password is stored in a crypted form.
> When password is stored as plaintext, authentication succeeds.
> When password is stored encrypted, using {MD5} for example, then authentication fails
with the following exception:
> "javax.security.sasl.SaslException: Invalid response".
> This exception is thrown in class BindHandler at line 297.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message