Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-893

Masking of password does not work with login.config

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • AMQ 7.0.3.GA
    • broker-core
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • You can now mask passwords in the JAAS configuration file login.config. Previously, password masking was not supported for login.config, which meant that the passwords in the file were stored in plain text.
    • Documented as Feature Request
    • AMQ Broker 1836

      User Story:
      As an operator, I have configured the broker to use our existing LDAP infrastructure for authentication and authorization, but the password for LDAP is in plain text. I need a way to mask this passwords per my company's policy that no passwords should be in plain text.


      Masking of a password does not work with login.config, I tested the configuration by masking LDAP password and it failed with Invalid Credentials

      When using mask password

      20:27:46,771 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
      20:27:47,040 ERROR [org.apache.activemq.artemis.core.server] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
      

      Without mask

      20:35:30,977 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
      20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Get the user DN.
      20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Looking for the user in LDAP with 
      

        1. broker.xml
          10 kB
        2. login.config
          2 kB
        3. python_output
          5 kB
        4. qpid_jms_output
          5 kB
        5. rhea_output
          3 kB

            rhn-support-jbertram Justin Bertram
            rhn-support-shsingh Shailendra Singh
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 2 days
                2d
                Remaining:
                Remaining Estimate - 2 days
                2d
                Logged:
                Time Spent - Not Specified
                Not Specified