Bug 4837 - Username/password not working.
: Username/password not working.
Status: RESOLVED FIXED
: Java WS Security
Authentication
: unspecified
: PC Linux
: P3 normal
: 4.2.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2006-11-03 12:08 by
Modified: 2007-02-15 13:09 (History)


Attachments
Example Java Login module (5.96 KB, text/plain)
2006-11-09 12:01, Peter Lane
Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2006-11-03 12:08:58
I have to use username/password with anonymous GSI transport for an SC demo.
For some reason, despite setting the USERNAME, PASSWORD, and GSI_ANONYMOUS stub
properties, the login module sees the username as my certificate subject and my
password as some garbled string:

2006-11-03 10:24:41,306 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:112] Required name:
<REMOVED_FROM_BUG_REPORT_FOR_SECURITY_PURPOSES>
2006-11-03 10:24:41,307 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:113] Supplied name:
/DC=org/DC=doegrids/OU=People/CN=Peter G Lane 364243
2006-11-03 10:24:41,307 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:114] Required password:
<REMOVED_FROM_BUG_REPORT_FOR_SECURITY_PURPOSES>
2006-11-03 10:24:41,308 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:115] Supplied password: [C@538b31
------- Comment #1 From 2006-11-09 11:49:18 -------
Patch committed to trunk. Peter confirmed things work fine. Keeping this bug
open until a test is committed for this.
------- Comment #2 From 2006-11-09 12:01:16 -------
Created an attachment (id=1123) [details]
Example Java Login module

Here's the login module I'm using for my SC demo. Rename it to whatever and
copy it to wherever you think is appropriate.

Some notes for using it:

1) Edit $JAVA_HOME/jre/lib/security/java.security and uncomment the line that
looks like this (around line 78 in my file):

#login.config.url.1=file:${user.home}/.java.login.config

2) Add a ~/.java.login.config file that looks like this (changing the class
name as appropriate of course):

Login {
    org.globus.exec.service.utils.DemoLoginModule required;
};

3) Add -Djavax.security.auth.login.config=<path> to the GLOBUS_OPTIONS
environment variable in the container environment, where <path> is the path to
a password file of the following format:

name=<name>
password=<password>
usernames=<authorized username list>

The usernames should be a comma-separated list of usernames.
------- Comment #3 From 2007-02-02 17:12:58 -------
Committed patches from Deepti for automated tests for this feature. Bug open
for documentation.
------- Comment #4 From 2007-02-13 11:50:33 -------
Added automated tests along with a sample Configuration class and Login Module.
The updated documentation is available at
http://www-unix.globus.org/toolkit/docs/development/4.2-drafts/security/authzframe/authzframe-pdp.html#authzframe-pdp-userNameAuthz