karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Created] (KARAF-2755) Encrypt password mechanism pollutes the group
Date Wed, 12 Feb 2014 16:06:19 GMT
Jean-Baptiste Onofré created KARAF-2755:

             Summary: Encrypt password mechanism pollutes the group
                 Key: KARAF-2755
                 URL: https://issues.apache.org/jira/browse/KARAF-2755
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
            Reporter: Jean-Baptiste Onofré
            Assignee: Jean-Baptiste Onofré
             Fix For: 2.4.0, 3.0.1

By enabling the encryption (in etc/org.apache.karaf.jaas.cfg), Karaf ignores if we talk about
users or groups, and so encrypts the groups, resulting to something like this in etc/users.properties:

karaf = {CRYPT}e7ebf747769e8522b52d1bf47f718788{CRYPT},_g_:admingroup
_g_\:admingroup = {CRYPT}db0f6f37ebeb6ea09489124345af2a45{CRYPT},admin,manager,viewer

The encryption service should check if the considered line is an user or a group, and just
crypts the user passwords.

This message was sent by Atlassian JIRA

View raw message