[jboss-jira] [JBoss JIRA] (SECURITY-903) Differently implemented password-stacking option in ClientLoginModule
RH Bugzilla Integration (JIRA)
issues at jboss.org
Tue Nov 1 11:16:01 EDT 2016
[ https://issues.jboss.org/browse/SECURITY-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13314965#comment-13314965 ]
RH Bugzilla Integration commented on SECURITY-903:
--------------------------------------------------
Aurel Pintea <apintea at redhat.com> changed the Status of [bug 1254194|https://bugzilla.redhat.com/show_bug.cgi?id=1254194] from MODIFIED to ON_QA
> Differently implemented password-stacking option in ClientLoginModule
> ---------------------------------------------------------------------
>
> Key: SECURITY-903
> URL: https://issues.jboss.org/browse/SECURITY-903
> Project: PicketBox
> Issue Type: Bug
> Reporter: Ryan Emerson
> Assignee: Ryan Emerson
> Fix For: PicketBox_5_0_0.Alpha2
>
>
> From BZ:
> "In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration."
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
More information about the jboss-jira
mailing list