[jboss-jira] [JBoss JIRA] (ELY-1252) Revisit hashed-password and crypt-password credentials in Elytron client configuration file

David Lloyd (JIRA) issues at jboss.org
Mon Jun 19 09:05:00 EDT 2017


    [ https://issues.jboss.org/browse/ELY-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13423041#comment-13423041 ] 

David Lloyd edited comment on ELY-1252 at 6/19/17 9:04 AM:
-----------------------------------------------------------

These are intended to be used with the PLAIN mechanism.  Since they're one-way crypt, they can generally only be used on the server side though.


was (Author: dmlloyd):
These are intended to be used with the PLAIN mechanism.

> Revisit hashed-password and crypt-password credentials in Elytron client configuration file
> -------------------------------------------------------------------------------------------
>
>                 Key: ELY-1252
>                 URL: https://issues.jboss.org/browse/ELY-1252
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta52
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> The Elytron client configuration file can include {{hashed-password}} or {{crypt-password}} as credentials for configuration. Internally this value is parsed in {{ElytronXmlParser}} and results in an instance of {{PasswordSpec}}. However, we do not see any SASL mechanism supported by Elytron which is able to work with it.
> If it seems that {{hashed-password}} or {{crypt-password}} cannot actually be used with Elytron, then we suggest removing the elements {{hashed-password}} or {{crypt-password}} from the Elytron client configuration file. Remove them also from the elytron-1_0.xsd file. Otherwise, please provide a configuration which is able to work with {{hashed-password}} or {{crypt-password}} as credentials for configuration on the client side.
> We request the blocker flag since the configuration should not include elements which actually do nothing. Once we release them, it can be hard to remove them in a later application server version.
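
Added example, not part of the original message and not Elytron code: a JDK-only illustration of the point in the comment above, that a one-way hashed credential can verify a PLAIN exchange on the server side but cannot produce one on the client side. The use of PBKDF2 as the one-way function, the class and method names, and the sample user and password are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class; it does not use the Elytron API.
public class PlainOneWayDemo {

    // One-way function. PBKDF2 stands in here for whichever crypt/hash scheme is configured.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 10_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Client side of PLAIN (RFC 4616): authzid NUL authcid NUL passwd.
    // The message carries the clear password, so the client must hold it.
    static byte[] clientPlainMessage(String user, char[] clearPassword) {
        return ("\0" + user + "\0" + new String(clearPassword))
                .getBytes(StandardCharsets.UTF_8);
    }

    // Server side: hash the received clear password and compare with the stored hash.
    static boolean serverVerify(byte[] message, String user, byte[] salt, byte[] storedHash)
            throws Exception {
        String[] parts = new String(message, StandardCharsets.UTF_8).split("\0", -1);
        if (parts.length != 3 || !parts[1].equals(user)) {
            return false;
        }
        return MessageDigest.isEqual(hash(parts[2].toCharArray(), salt), storedHash);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        char[] clear = "constructed-sample-password".toCharArray(); // constructed sample value
        byte[] stored = hash(clear, salt); // what a server-side store would keep

        // A client configured with the clear password authenticates.
        boolean withClear = serverVerify(clientPlainMessage("alice", clear), "alice", salt, stored);

        // A client configured with only the hash has nothing valid to send:
        // if it sends the hash as the password, the server hashes it again and the comparison fails.
        char[] hashOnly = Base64.getEncoder().encodeToString(stored).toCharArray();
        boolean withHash = serverVerify(clientPlainMessage("alice", hashOnly), "alice", salt, stored);

        System.out.println("clear password accepted: " + withClear);
        System.out.println("hash-as-password accepted: " + withHash);
    }
}
```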


