]
RH Bugzilla Integration commented on SECURITY-903:
--------------------------------------------------
Mike McCune <mmccune(a)redhat.com> changed the Status of [bug
Differently implemented password-stacking option in
ClientLoginModule
---------------------------------------------------------------------
Key: SECURITY-903
URL:
https://issues.jboss.org/browse/SECURITY-903
Project: PicketBox
Issue Type: Bug
Reporter: Ryan Emerson
Assignee: Ryan Emerson
Fix For: PicketBox_5_0_0.Alpha2
From BZ:
"In case when some login module should use password stacking then value of
password-stacking option should be set to useFirstPass. All login modules should respect
it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking
differently - it uses password stacking everytime when some value is set for
password-stacking option (even value false). It should work same as other login modules.
Current behavior can be confusing and can lead to incorrectly set server
configuration."