Bug 4837 – Username/password not working.

Bug 4837 - Username/password not working.

Summary:

Username/password not working.

Status:	RESOLVED FIXED

Product:	Java WS Security
Component:	Authentication
Version:	unspecified
Platform:	PC Linux

Importance:	P3 normal
Target Milestone:	4.2.0
Assigned To:	Deepti Kodeboyina

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2006-11-03 12:08 by Peter Lane
Modified:	2007-02-15 13:09 (History)

Attachments
Example Java Login module (5.96 KB, text/plain) 2006-11-09 12:01, Peter Lane	Details
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Peter Lane 2006-11-03 12:08:58

I have to use username/password with anonymous GSI transport for an SC demo.
For some reason, despite setting the USERNAME, PASSWORD, and GSI_ANONYMOUS stub
properties, the login module sees the username as my certificate subject and my
password as some garbled string:

2006-11-03 10:24:41,306 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:112] Required name:
<REMOVED_FROM_BUG_REPORT_FOR_SECURITY_PURPOSES>
2006-11-03 10:24:41,307 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:113] Supplied name:
/DC=org/DC=doegrids/OU=People/CN=Peter G Lane 364243
2006-11-03 10:24:41,307 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:114] Required password:
<REMOVED_FROM_BUG_REPORT_FOR_SECURITY_PURPOSES>
2006-11-03 10:24:41,308 DEBUG utils.DemoLoginModule
[ServiceThread-20,login:115] Supplied password: [C@538b31

------- Comment #1 From Rachana Ananthakrishnan 2006-11-09 11:49:18 -------

Patch committed to trunk. Peter confirmed things work fine. Keeping this bug
open until a test is committed for this.

------- Comment #2 From Peter Lane 2006-11-09 12:01:16 -------

Created an attachment (id=1123) [details]
Example Java Login module

Here's the login module I'm using for my SC demo. Rename it to whatever and
copy it to wherever you think is appropriate.

Some notes for using it:

1) Edit $JAVA_HOME/jre/lib/security/java.security and uncomment the line that
looks like this (around line 78 in my file):

#login.config.url.1=file:${user.home}/.java.login.config

2) Add a ~/.java.login.config file that looks like this (changing the class
name as appropriate of course):

Login {
    org.globus.exec.service.utils.DemoLoginModule required;
};

3) Add -Djavax.security.auth.login.config=<path> to the GLOBUS_OPTIONS
environment variable in the container environment, where <path> is the path to
a password file of the following format:

name=<name>
password=<password>
usernames=<authorized username list>

The usernames should be a comma-separated list of usernames.

------- Comment #3 From Rachana Ananthakrishnan 2007-02-02 17:12:58 -------

Committed patches from Deepti for automated tests for this feature. Bug open
for documentation.

------- Comment #4 From Deepti Kodeboyina 2007-02-13 11:50:33 -------

Added automated tests along with a sample Configuration class and Login Module.
The updated documentation is available at
http://www-unix.globus.org/toolkit/docs/development/4.2-drafts/security/authzframe/authzframe-pdp.html#authzframe-pdp-userNameAuthz