-
Bug
-
Resolution: Done
-
Major
-
None
-
AMQ 7.0.3.GA
-
Documentation (Ref Guide, User Guide, etc.), Release Notes
-
-
You can now mask passwords in the JAAS configuration file login.config. Previously, password masking was not supported for login.config, which meant that the passwords in the file were stored in plain text.
-
Documented as Feature Request
-
AMQ Broker 1836
User Story:
As an operator, I have configured the broker to use our existing LDAP infrastructure for authentication and authorization, but the password for LDAP is in plain text. I need a way to mask this passwords per my company's policy that no passwords should be in plain text.
Masking of a password does not work with login.config, I tested the configuration by masking LDAP password and it failed with Invalid Credentials
When using mask password
20:27:46,771 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context. 20:27:47,040 ERROR [org.apache.activemq.artemis.core.server] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Without mask
20:35:30,977 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Get the user DN.
20:35:31,477 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Looking for the user in LDAP with
- is duplicated by
-
-
- Closed
-
- is related to
-
ENTMQIC-2326 allow users to mask passwords
-
- Closed
-
-
ENTMQBR-1494 Document support of masked passwords in login.config
-
- Closed
-
-
ARTEMIS-1600 Loading...
- relates to
-
-
- Closed
-
