portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 16511] New: - no-secure passwords not allowed with LDAP
Date Tue, 28 Jan 2003 20:38:24 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16511

no-secure passwords not allowed with LDAP

           Summary: no-secure passwords not allowed with LDAP
           Product: Jetspeed
           Version: 1.4b3
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Security
        AssignedTo: jetspeed-dev@jakarta.apache.org
        ReportedBy: fabien.toral@c-s.fr


Login cause a StringIndexOutOfBoundsException in LDAPAuthentication.java at line
145 (Jetspeed 1.4b3) when services.JetspeedSecurity.secure.passwords=false

The password is stored in plain-text in LDAP, but when LDAPAuthenticatio.login()
method checks it, there is a test for an encrypted password.

Sorry, but i've no patch to submit, i discoverd this with a bad configuration
file, because we use always secure passwords.

This bug could comes with bug# 14914

--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message