Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-893

Masking of password does not work with login.config

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • AMQ 7.0.3.GA
    • broker-core
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • You can now mask passwords in the JAAS configuration file login.config. Previously, password masking was not supported for login.config, which meant that the passwords in the file were stored in plain text.
    • Documented as Feature Request
    • AMQ Broker 1836

    Description

      User Story:
      As an operator, I have configured the broker to use our existing LDAP infrastructure for authentication and authorization, but the password for LDAP is in plain text. I need a way to mask this passwords per my company's policy that no passwords should be in plain text.

      Masking of a password does not work with login.config, I tested the configuration by masking LDAP password and it failed with Invalid Credentials

      When using mask password

      20:27:46,771 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
20:27:47,040 ERROR [org.apache.activemq.artemis.core.server] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

      Without mask

      20:35:30,977 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Get the user DN.
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Looking for the user in LDAP with

      Attachments

        1. broker.xml
          10 kB
        2. login.config
          2 kB
        3. python_output
          5 kB
        4. qpid_jms_output
          5 kB
        5. rhea_output
          3 kB

        Issue Links

          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. ENTMQBR-1338 Support masked passwords in bootstrap.xml and login.config

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQIC-2326 allow users to mask passwords

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. ENTMQBR-1494 Document support of masked passwords in login.config

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          ARTEMIS-1600 Loading...

          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ENTMQBR-908 Support masked passwords in bootstrap.xml

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-jbertram Justin Bertram
              rhn-support-shsingh Shailendra Singh
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 2 days
                  2d
                  Remaining:
                  Remaining Estimate - 2 days
                  2d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified