[JOC-327] Adding or modifying a user account when password hashing and LDAP & INI realms are active corrupts all passwords - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.11.5
Fix Version/s: 1.11.5
Component/s: JOC Cockpit Web Service
Labels:
None

Description

Current Situation

When a User Account is added or modified in the Manage Accounts view and:

mixed LDAP and INI authentication realms are configured and
Password hashing is active

then all INI passwords will be corrupted and encrypted passwords set for the LDAP Accounts.

Tested with the "Short example for public LDAP Server with mixed LDAP and Shiro Authentication" configuration described here

Desired Behaviour

It should be possible to use the Manage Accounts view to add and edit User Accounts without blocking access.

Workarounds

Use a text editor to edit the shiro.ini file to:

deactivate password hashing by commenting out the following lines in the main section of the file:
- passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
- iniRealm.credentialsMatcher = $passwordMatcher
replace the encrypted INI passwords in the users section with plain text passwords
remove the encrypted LDAP passwords:
- Example: ldap_admin = ,administrator

Restart the Web Services

Attachments

Issue Links

relates to

JOC-328 shiro.ini - already hashed passwords are not considered when automatic hashing through Account Manager functionality occurs

Dismissed

Activity

People

Assignee:: Uwe Risse

Reporter:: Alan Amos

Approver:: Alan Amos

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26 October 2017 17:51

Updated:: 11 November 2017 00:21

Resolved:: 03 November 2017 11:27