Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: Negotiation_2_3_7_Final
Affects Version/s: Negotiation_2_3_6_Final
Component/s: Negotiation
Labels:
None

Steps to Reproduce:

Hide

Create a SPNEGO based ldap authentication and try to authenticate against the login-module.

Show
Create a SPNEGO based ldap authentication and try to authenticate against the login-module.
Affects:

User Experience
Workaround:

Workaround Exists
Workaround Description:

Hide

Disable the trace log.

Show
Disable the trace log.
Git Pull Request:
https://github.com/wildfly-security/jboss-negotiation/pull/21
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1199641

Description

The bind Credential are being logged:

2015-03-19 19:33:28,569 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-localhost/127.0.0.1:8080-1) Logging into LDAP server, env={baseFilter=(userPrincipalName=

{0}

), java.naming.security.credentials=***, jboss.security.security_domain=SPNEGO, java.naming.ldap.attributes.binary=objectSid, password-stacking=useFirstPass, recurseRoles=false, java.naming.security.authentication=simple, baseCtxDN=DC=example,DC=com, roleAttributeIsDN=true, rolesCtxDN=DC=example,DC=com, java.naming.security.principal=bindUser, allowEmptyPassword=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://127.0.0.1:389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=bindUser, bindCredential=password}

Attachments

Activity

People

Assignee:: Filippe Spolti

Reporter:: Filippe Spolti

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2015/03/19 6:45 PM

Updated:: 2017/01/17 5:18 AM

Resolved:: 2015/04/20 11:27 AM