[jboss-jira] [JBoss JIRA] Updated: (JBAS-2681) Add real support for password-stacking (useFirstPass) in LDAPExtLoginModule
Seth Wilcox (JIRA)
jira-events at lists.jboss.org
Fri Oct 12 19:26:18 EDT 2007
[ http://jira.jboss.com/jira/browse/JBAS-2681?page=all ]
Seth Wilcox updated JBAS-2681:
------------------------------
Attachment: LDAPAuth.patch
Fixes unexpected behavior with LdapExtLoginModule when using the password-stacking
> Add real support for password-stacking (useFirstPass) in LDAPExtLoginModule
> ---------------------------------------------------------------------------
>
> Key: JBAS-2681
> URL: http://jira.jboss.com/jira/browse/JBAS-2681
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: JBossAS-4.0.3 SP1
> Environment: All
> Reporter: Didier Kreutter
> Attachments: LDAPAuth.patch
>
>
> It would be nice, we could use the "useFirstPass" option of this login-module, like it can be done with the DatabaseServerLoginModule.
> With the construct of the LDAPExtLoginModule, it is not possible to use the LDAP-Directory to search for Roles without having to validate the Password, if this has been done by an precedent LoginModule (DB or SSO).
> I think the problem is in the fact, that the effective Role-Search is done in the overridden "validatePassword" function... witch will never been called when the "useFirstPass" option is set. Is it Possible to fulfill the roles in the getRoleSets() function?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list