Message-ID: <24385818.329781285108293885.JavaMail.jira@thor>
Date: Tue, 21 Sep 2010 18:31:33 -0400 (EDT)
From: "David Jencks (JIRA)"
To: dev@geronimo.apache.org
Subject: [jira] Created: (GERONIMO-5619) CertificatePropertiesFileLoginModule only works with tomcat, not jetty

CertificatePropertiesFileLoginModule only works with tomcat, not jetty
----------------------------------------------------------------------

                 Key: GERONIMO-5619
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5619
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 3.0
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 3.0

CertificatePropertiesFileLoginModule uses CertificateCallback. This is supported by tomcat but not jetty, which is more adapted to the jaspic password validation callback and which converts the x500 principal to a "name" and expects a NameCallback. We can easily modify the LoginModule to handle both.

I can't decide if this is a security risk since this login module does not check passwords at all and just verifies that the principal name is known. It might be possible to misconfigure security so as to use basic or form auth with this login module and ignore the supplied password.

I'm going to go ahead and apply the change. We can always roll it back.
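
The two-callback handling described in the issue, as an added example that is not part of the original message and is not Geronimo's code. `CertCallback` is a hypothetical stand-in for Geronimo's CertificateCallback, and the handler in `main` is constructed to mimic a container that supplies only a NameCallback.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class DualCallbackDemo {
    // Hypothetical stand-in for a container-specific certificate callback.
    static final class CertCallback implements Callback {
        X509Certificate certificate;
    }
    // Returns the principal name to look up, trying the certificate callback first.
    static String principalName(CallbackHandler handler) throws LoginException {
        try {
            CertCallback cert = new CertCallback();
            handler.handle(new Callback[] {cert});
            if (cert.certificate != null) {
                return cert.certificate.getSubjectX500Principal().getName();
            }
        } catch (UnsupportedCallbackException e) {
            // Handler does not know the certificate callback: fall back to NameCallback.
        } catch (IOException e) {
            throw (LoginException) new LoginException("callback failed").initCause(e);
        }
        try {
            NameCallback name = new NameCallback("name");
            handler.handle(new Callback[] {name});
            // No password is requested or checked on this path: the container must
            // already have authenticated the client certificate that produced the name.
            if (name.getName() != null) return name.getName();
        } catch (IOException | UnsupportedCallbackException e) {
            throw (LoginException) new LoginException("callback failed").initCause(e);
        }
        throw new FailedLoginException("no certificate or name supplied");
    }
    public static void main(String[] args) throws Exception {
        // Constructed handler that understands only NameCallback.
        CallbackHandler nameOnly = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("CN=alice,O=Example");
                else throw new UnsupportedCallbackException(cb);
            }
        };
        System.out.println(principalName(nameOnly));
    }
}
```

Because the name path accepts whatever the handler supplies, a deployment review should confirm that the web application using such a module is configured for client-certificate authentication rather than basic or form auth.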