geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Possible questionable change in CertificatePropertiesFileLoginModule
Date Tue, 21 Sep 2010 22:37:33 GMT
See  GERONIMO-5619, rev 999674 (trunk)

Briefly, I've modified CertificatePropertiesFileLoginModule so it works with either a CertificateCallback
(used by tomcat) or a NameCallback (used by jetty).  In either case we just check that we
know about the x500 principal name, there is no password checking.  (we rely on ssl to validate
the client cert).

Does anyone think this is an undesirable security problem?  It might be possible to misconfigure
security so that e.g. basic or form auth ended up using this login module and just checked
the user name and not the password.  I don't think this is sufficiently likely to worry about,
since these principal names are ldap goo (ou=.....,) and I would expect any such misconfiguration
to be immediately evident in testing.

david jencks

View raw message