[jboss-user] [Security & JAAS/JBoss] - Re: Active Directory and LdapExtLoginModule?

a_lai82 do-not-reply at jboss.com
Tue Aug 21 06:30:17 EDT 2007

Can I ask has anyone managed to encrypt the bindCredential within the login-config.xml

It seems like a serious security issue having plain text passwords.

Is this really the only way to allow users to login using the "sAMAccountName" rather than the DN which uses the CN value. It would seem like a common thing to do, and potentially a hassle should the admin password be compromised the settings have to be changed and the server reset.

Any input would be grateful.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4076200#4076200

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4076200

More information about the jboss-user mailing list