[jboss-jira] [JBoss JIRA] (SECURITY-665) Incorrect warning about invalid option passwordIsA1Hash in login modules
Martin Gencur (JIRA)
jira-events at lists.jboss.org
Mon Jul 2 06:09:12 EDT 2012
[ https://issues.jboss.org/browse/SECURITY-665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Gencur updated SECURITY-665:
-----------------------------------
Description:
As I described in in my last post in https://community.jboss.org/message/744521#744521, I had a problem with DIGEST authentication and passwordIsA1Hash option configured in JBossAS 7.
IMO one of the following classes should enlist passwordIsA1Hash option among their valid options: AbstractServerLoginModule, UsernamePasswordLoginModule, UsersRolesLoginModule. Now it's missing and login modules scream that the option is invalid (in my case UsersRolesLoginModule).
was:
As I described in in my last post in https://community.jboss.org/message/744521#744521, I had a problem with DIGEST authentication and passwordIsA1Hash option JBossAS 7.
IMO one of the following classes should enlist passwordIsA1Hash option among their valid options: AbstractServerLoginModule, UsernamePasswordLoginModule, UsersRolesLoginModule. Now it's missing and login modules scream that the option is invalid (in my case UsersRolesLoginModule).
Forum Reference: https://community.jboss.org/message/744521#744521 (was: https://community.jboss.org/message/744521#744521)
> Incorrect warning about invalid option passwordIsA1Hash in login modules
> ------------------------------------------------------------------------
>
> Key: SECURITY-665
> URL: https://issues.jboss.org/browse/SECURITY-665
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: PicketBox_v4_0_9.Final
> Reporter: Martin Gencur
> Assignee: Anil Saldhana
>
> As I described in in my last post in https://community.jboss.org/message/744521#744521, I had a problem with DIGEST authentication and passwordIsA1Hash option configured in JBossAS 7.
> IMO one of the following classes should enlist passwordIsA1Hash option among their valid options: AbstractServerLoginModule, UsernamePasswordLoginModule, UsersRolesLoginModule. Now it's missing and login modules scream that the option is invalid (in my case UsersRolesLoginModule).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list