[jboss-user] [Security & JAAS/JBoss] - Re: Active Directory and LdapExtLoginModule?
a_lai82
do-not-reply at jboss.com
Tue Aug 21 06:30:17 EDT 2007
Can I ask has anyone managed to encrypt the bindCredential within the login-config.xml
It seems like a serious security issue having plain text passwords.
Is this really the only way to allow users to login using the "sAMAccountName" rather than the DN which uses the CN value. It would seem like a common thing to do, and potentially a hassle should the admin password be compromised the settings have to be changed and the server reset.
Any input would be grateful.
Andy
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4076200#4076200
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4076200
More information about the jboss-user
mailing list