directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Domeyer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-82) Kerberos Requires Plain Text Password
Date Sat, 28 May 2011 14:18:47 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13040605#comment-13040605
] 

Jeff Domeyer commented on DIRKRB-82:
------------------------------------

I also dislike logging passwords, so I removed that.

an example interceptors configuration:

<interceptors>
...
      <!--<passwordPolicyInterceptor/>-->
      <!--<keyDerivationInterceptor/>-->
      <s:bean class="org.apache.directory.server.core.kerberos.ConfigurableKeyDerivationInterceptor">

        <s:property name="encryptUserPassword" value="SSHA" /> 
      </s:bean>
...

> Kerberos Requires Plain Text Password
> -------------------------------------
>
>                 Key: DIRKRB-82
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-82
>             Project: Directory Kerberos
>          Issue Type: New Feature
>    Affects Versions: 2.5.0
>         Environment: All Environments
>            Reporter: Jeff Domeyer
>            Assignee: Emmanuel Lecharny
>            Priority: Minor
>         Attachments: ConfigurableKeyDerivationInterceptor.java
>
>
> I would imagine a lot of people dislike storing password in LDAP in plain text, and unfortunately
the client application is producing the hashed/encrypted password to be stored in LDAP, so
when the Kerberos interceptor comes along, it can only use plain text passwords to calculate
the Kerberos keys.
> I created a subclass of KeyDerivationInterceptor, that when configured, will replace
the plain text password with a hash of your choice.
> (Looks like I can't attach here, will try attaching after creation of issue).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message