[jboss-jira] [JBoss JIRA] (SECURITY-903) Differently implemented password-stacking option in ClientLoginModule
Ryan Emerson (JIRA)
issues at jboss.org
Thu Aug 20 08:34:26 EDT 2015
Ryan Emerson created SECURITY-903:
-------------------------------------
Summary: Differently implemented password-stacking option in ClientLoginModule
Key: SECURITY-903
URL: https://issues.jboss.org/browse/SECURITY-903
Project: PicketBox
Issue Type: Bug
Reporter: Ryan Emerson
Assignee: Stefan Guilhen
>From BZ:
"In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration."
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list