Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-893

Masking of password does not work with login.config


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • AMQ 7.0.3.GA
    • broker-core
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • You can now mask passwords in the JAAS configuration file login.config. Previously, password masking was not supported for login.config, which meant that the passwords in the file were stored in plain text.
    • Documented as Feature Request
    • AMQ Broker 1836

      User Story:
      As an operator, I have configured the broker to use our existing LDAP infrastructure for authentication and authorization, but the password for LDAP is in plain text. I need a way to mask this passwords per my company's policy that no passwords should be in plain text.

      Masking of a password does not work with login.config, I tested the configuration by masking LDAP password and it failed with Invalid Credentials

      When using mask password

      20:27:46,771 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
      20:27:47,040 ERROR [org.apache.activemq.artemis.core.server] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

      Without mask

      20:35:30,977 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
      20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Get the user DN.
      20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Looking for the user in LDAP with 

        1. broker.xml
          10 kB
        2. login.config
          2 kB
        3. python_output
          5 kB
        4. qpid_jms_output
          5 kB
        5. rhea_output
          3 kB

            rhn-support-jbertram Justin Bertram
            rhn-support-shsingh Shailendra Singh
            0 Vote for this issue
            4 Start watching this issue


                Original Estimate - 2 days
                Remaining Estimate - 2 days
                Time Spent - Not Specified
                Not Specified