You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[10:41] gscheuler: I have been looking at jaas documentation and it seems "guest login" is a feature that mirrors my symptoms
[10:41] • User logs in with a blank password—the properties login module fails to authenticate the user, and authentication proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal.
[10:42] is there a way to disable this feature - or set a flag that basically disallows blank passwords in the password field?
The text was updated successfully, but these errors were encountered:
If you supply an empty string, an empty byte/char array, or null to the Context.SECURITY_CREDENTIALS environment property, then an anonymous bind will occur even if the Context.SECURITY_AUTHENTICATION property was set to "simple". This is because for simple authentication, the LDAP requires the password to be nonempty. If a password is not supplied, then the protocol automatically converts the authentication to "none".
In certain jaas / active directory configurations, it is possible to authenticate against AD without providing a password.
From http://webchat.freenode.net/rundeck ...
[10:41] gscheuler: I have been looking at jaas documentation and it seems "guest login" is a feature that mirrors my symptoms
[10:41] • User logs in with a blank password—the properties login module fails to authenticate the user, and authentication proceeds to the guest login module. The guest login module successfully authenticates the user and returns the guest principal.
[10:42] is there a way to disable this feature - or set a flag that basically disallows blank passwords in the password field?
The text was updated successfully, but these errors were encountered: