directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Domeyer (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-82) Kerberos Requires Plain Text Password
Date Sat, 28 May 2011 14:18:47 GMT


Jeff Domeyer commented on DIRKRB-82:

I also dislike logging passwords, so I removed that.

an example interceptors configuration:

      <s:bean class="">

        <s:property name="encryptUserPassword" value="SSHA" /> 

> Kerberos Requires Plain Text Password
> -------------------------------------
>                 Key: DIRKRB-82
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: New Feature
>    Affects Versions: 2.5.0
>         Environment: All Environments
>            Reporter: Jeff Domeyer
>            Assignee: Emmanuel Lecharny
>            Priority: Minor
>         Attachments:
> I would imagine a lot of people dislike storing password in LDAP in plain text, and unfortunately
the client application is producing the hashed/encrypted password to be stored in LDAP, so
when the Kerberos interceptor comes along, it can only use plain text passwords to calculate
the Kerberos keys.
> I created a subclass of KeyDerivationInterceptor, that when configured, will replace
the plain text password with a hash of your choice.
> (Looks like I can't attach here, will try attaching after creation of issue).

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message