Details
-
Task
-
Resolution: Done
-
Major
-
RHDG 8.3 GA
-
False
-
None
-
False
-
Documentation (Ref Guide, User Guide, etc.)
Description
Active Directory does not expose the password attribute, so the user-password-mapper cannot be used. For this reason, only direct-verfication is possible. The authentication mechanisms that perform hashing (Digest, Scram) cannot be used in this mode.
The only solution is to use Basic for HTTP and Plain for Hot Rod
A more secure alternative is to use Kerberos which allows Negotiate and GSSAPI mechanisms
Attachments
Issue Links
- is incorporated by
-
ISPN-13795 Docs revision: Security updates and minor additions
- Closed