-
Type:
Bug
-
Status: Done
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: AMQ 7.0.3.GA
-
Fix Version/s: None
-
Component/s: broker-core
-
Labels:
-
Target Release:
-
Sprint:AMQ Broker 1836
-
Affects:Documentation (Ref Guide, User Guide, etc.), Release Notes
-
Release Notes Text:You can now mask passwords in the JAAS configuration file login.config. Previously, password masking was not supported for login.config, which meant that the passwords in the file were stored in plain text.
-
Release Notes Docs Status:Documented as Feature Request
User Story:
As an operator, I have configured the broker to use our existing LDAP infrastructure for authentication and authorization, but the password for LDAP is in plain text. I need a way to mask this passwords per my company's policy that no passwords should be in plain text.
Masking of a password does not work with login.config, I tested the configuration by masking LDAP password and it failed with Invalid Credentials
When using mask password
20:27:46,771 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context. |
20:27:47,040 ERROR [org.apache.activemq.artemis.core.server] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] |
Without mask
20:35:30,977 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context. |
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Get the user DN. |
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Looking for the user in LDAP with |
- is duplicated by
-
ENTMQBR-1338 Support masked passwords in bootstrap.xml and login.config
-
- Done
-
- is related to
-
ENTMQBR-1494 Document support of masked passwords in login.config
-
- Done
-
-
ARTEMIS-1600 Loading...
- relates to
-
ENTMQBR-908 Support masked passwords in bootstrap.xml
-
- Done
-