[jboss-jira] [JBoss JIRA] (SECURITY-900) Differently implemented password-stacking option in ClientLoginModule

Ondrej Lukas (JIRA) issues at jboss.org
Mon Aug 17 07:57:26 EDT 2015


     [ https://issues.jboss.org/browse/SECURITY-900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas moved JBEAP-719 to SECURITY-900:
---------------------------------------------

              Project: PicketBox   (was: JBoss Enterprise Application Platform)
                  Key: SECURITY-900  (was: JBEAP-719)
             Workflow: classic default workflow  (was: CDW v1)
    Affects Version/s: PicketBox_4_9_2.Final
                           (was: EAP 7.0.0.DR8)
          Component/s:     (was: Security)
       Target Release:   (was: EAP 7.0.0.GA)


> Differently implemented password-stacking option in ClientLoginModule
> ---------------------------------------------------------------------
>
>                 Key: SECURITY-900
>                 URL: https://issues.jboss.org/browse/SECURITY-900
>             Project: PicketBox 
>          Issue Type: Bug
>    Affects Versions: PicketBox_4_9_2.Final
>            Reporter: Ondrej Lukas
>
> When a login module should use password stacking, the value of the password-stacking option should be set to useFirstPass. All login modules should respect it. However, the implementation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking every time some value is set for the password-stacking option (even the value false). It should work the same as other login modules. The current behavior can be confusing and can lead to an incorrectly set server configuration.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
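
A configuration check for the mismatch described in the issue above, as an added example that is not part of the original message or of PicketBox. It flags ClientLoginModule entries whose password-stacking value looks disabled but, under the reported behaviour, still turns stacking on. The XML element and attribute names, the exact-match comparison and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CLIENT_MODULE = "org.jboss.security.ClientLoginModule"

# Constructed sample, not from the issue. Element and attribute names are assumed.
SAMPLE_CONFIG = """
<security-domains>
  <security-domain name="app-a"><authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="password-stacking" value="false"/>
    </login-module>
  </authentication></security-domain>
  <security-domain name="app-b"><authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
  </authentication></security-domain>
</security-domains>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def stacking_as_reported(value):
    return value is not None  # ClientLoginModule per the issue: any value enables it

def stacking_as_expected(value):
    return value == "useFirstPass"  # what the issue expects (exact match assumed)

def audit(xml_text):
    """Return (domain, value) pairs where the two readings disagree."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module" or module.get("code") != CLIENT_MODULE:
                continue
            options = {o.get("name"): o.get("value") for o in module
                       if local(o.tag) == "module-option"}
            value = options.get("password-stacking")
            if stacking_as_reported(value) != stacking_as_expected(value):
                findings.append((domain.get("name"), value))
    return findings

if __name__ == "__main__":
    for name, value in audit(SAMPLE_CONFIG):
        print(f"{name}: password-stacking={value!r} still enables stacking in ClientLoginModule")
```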

