karaf-issues mailing list archives

From "Freeman Fang (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KARAF-2754) all password should be encrypted when encryption.enabled is true
Date Wed, 12 Feb 2014 07:19:19 GMT

     [ https://issues.apache.org/jira/browse/KARAF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Freeman Fang resolved KARAF-2754.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.4
                   3.0.1
                   2.4.0

commit fix
http://git-wip-us.apache.org/repos/asf/karaf/diff/56239e9c to karaf-2.3.x branch
http://git-wip-us.apache.org/repos/asf/karaf/diff/55b0e294 to karaf-2.x branch
http://git-wip-us.apache.org/repos/asf/karaf/diff/d2af093d to master

> all password should be encrypted when encryption.enabled is true
> ----------------------------------------------------------------
>
>                 Key: KARAF-2754
>                 URL: https://issues.apache.org/jira/browse/KARAF-2754
>             Project: Karaf
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Freeman Fang
>             Fix For: 2.4.0, 3.0.1, 2.3.4
>
>
> if we set
> {code}
> encryption.enabled = true
> {code}
> in etc/org.apache.karaf.jaas.cfg, and we have
> {code}
> admin = admin,admin
> testuser=testpwd,admin
> {code}
> in etc/users.properties
> then if we log in with user admin, we can see the admin password encrypted
> {code}
> admin = {CRYPT}21232f297a57a5a743894a0e4a801fc3{CRYPT},admin
> testuser=testpwd,admin
> {code}
> However, if there are 100s of users defined inside the "etc/users.properties" file,
> then it becomes a security hole, and it is complex to connect to Karaf one by one using
> different credentials in order to get the encrypted passwords inside the file
> "etc/users.properties". We should encrypt them all in one go if we set encryption.enabled = true



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
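
An added example, not part of the original message or of Karaf's code: a small audit of a users.properties file in the format quoted in the issue, listing accounts whose password field is not wrapped in the {CRYPT} markers. The default markers come from the issue; skipping keys that start with `_g_` as group definitions and guessing the algorithm from the hex digest length are assumptions.

```python
import re

# Constructed sample: the etc/users.properties state quoted in the issue,
# where only the account that has logged in was rewritten.
SAMPLE = """\
admin = {CRYPT}21232f297a57a5a743894a0e4a801fc3{CRYPT},admin
testuser=testpwd,admin
"""

# Heuristic only: hex digest length -> likely algorithm.
HEX_LEN_TO_ALGO = {32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512"}


def audit_users(text, prefix="{CRYPT}", suffix="{CRYPT}"):
    """Return {user: status}; status is 'plaintext' or 'encrypted (<guess>)'."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and anything that is not key=value.
        if not line or line[0] in "#!" or "=" not in line:
            continue
        user, _, value = line.partition("=")
        user = user.strip()
        # Assumption: keys starting with "_g_" are group definitions, not accounts.
        if user.startswith("_g_"):
            continue
        # First comma-separated field is the password; the rest are roles.
        password = value.split(",", 1)[0].strip()
        wrapped = (password.startswith(prefix) and password.endswith(suffix)
                   and len(password) > len(prefix) + len(suffix))
        if not wrapped:
            findings[user] = "plaintext"
            continue
        digest = password[len(prefix):len(password) - len(suffix)]
        algo = "unknown"
        if re.fullmatch(r"[0-9a-fA-F]+", digest):
            algo = HEX_LEN_TO_ALGO.get(len(digest), "unknown")
        findings[user] = f"encrypted ({algo})"
    return findings


def plaintext_users(text):
    """Accounts whose password field is still stored in the clear."""
    return sorted(u for u, s in audit_users(text).items() if s == "plaintext")


if __name__ == "__main__":
    for user, status in audit_users(SAMPLE).items():
        print(f"{user}: {status}")
```

On the constructed sample this reports `testuser` as plaintext, which is the state the issue describes for every account that has not yet logged in.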
