Is there any way to encrypt connectionPassword in LDAPLoginModule

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Is there any way to encrypt connectionPassword in LDAPLoginModule

alt_alt
Hi all,
I am using ldap service to do authentication and authorization, and I need to set connectionPassword for LDAPLoginModule in login.config file. Is there any way to encrypt this password.

Any response is highly appreciated.

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

christopher.l.shannon
Anything that goes in activemq.xml can be encrypted because of Spring
support (see http://activemq.apache.org/encrypted-passwords.html)
Unfortunately,  I do not believe there is a way to encrypt a password in
the login.config file however.

There is also newer way to use LDAP that you could try and that looks like
it might support password encryption.  See this link
http://activemq.apache.org/cached-ldap-authorization-module.html and see if
that will work for you.

On Thu, Jun 18, 2015 at 4:31 PM, alt_alt <[hidden email]> wrote:

> Hi all,
> I am using ldap service to do authentication and authorization, and I need
> to set connectionPassword for LDAPLoginModule in login.config file. Is
> there
> any way to encrypt this password.
>
> Any response is highly appreciated.
>
> Thanks
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Is-there-any-way-to-encrypt-connectionPassword-in-LDAPLoginModule-tp4697979.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

alt_alt
Thanks a lot for your reply. I've tried the cached ldap authorization map. But I still need to set connectionPassoword in cleartext in login.config file to make it work. I really want to know if it is possible to encrypt password in login.config file.
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

christopher.l.shannon
Yeah unfortunately it doesn't look possible right now.  I pulled up the
source and did some digging and I don't see any current way to specify and
encrypted value.  If you want, you can go ahead and put a ticket in on Jira
and I (or someone else) can take a look at it.

On Thu, Jun 18, 2015 at 5:55 PM, alt_alt <[hidden email]> wrote:

> Thanks a lot for your reply. I've tried the cached ldap authorization map.
> But I still need to set connectionPassoword in cleartext in login.config
> file to make it work. I really want to know if it is possible to encrypt
> password in login.config file.
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Is-there-any-way-to-encrypt-connectionPassword-in-LDAPLoginModule-tp4697979p4697981.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

alt_alt
Thanks for your help! I'll fire a ticket for it
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

alt_alt
In reply to this post by christopher.l.shannon
I just created a jira ticket AMQ-5860. Please take a look at it
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

alt_alt
No update until now, is there any plan to fix it?
Please NOTE it is a serious security issue if we want to make it on production environment
Reply | Threaded
Open this post in threaded view
|

Re: Is there any way to encrypt connectionPassword in LDAPLoginModule

christopher.l.shannon
Yeah I can take a look at getting that into 5.13 or 5.12.1.  It's kind of a
pain to do because the module is instantiated using reflection so it isn't
as simple as just using the spring encryptor that's already there but I can
figure out something to get the password encryption to work.

On Mon, Aug 31, 2015 at 6:55 PM, alt_alt <[hidden email]> wrote:

> No update until now, is there any plan to fix it?
> Please NOTE it is a serious security issue if we want to make it on
> production environment
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Is-there-any-way-to-encrypt-connectionPassword-in-LDAPLoginModule-tp4697979p4701559.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>