52e is Active Directory-ese for “the password for this user is wrong”. I use masking in an earlier release and it works fine, so I’d look at whether the hash was generated correctly, since we can surmise from that error code that Artemis decoded and sent something as the credential successfully. Common causes for this are things like spaces or other special characters in the user’s password (which affect the command line tool used to generate the hash) or a mistyping of the password when used as input to the mask command. If your client can use a different account with a simpler password, that’d help narrow that down.
If you really had to, you could implement a custom codec that extends the default codec (I am assuming you’re using the default per “The Default Codec” section of https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords#the-default-codec) and outputs your decoded string from the superclass decode() before returning it from your own implementation of decode() to help figure it out, but hopefully it’s just a data entry error. Sent from my iPhone > On Jul 26, 2022, at 4:43 PM, Andrew Pomponio <apompo...@perforce.com> wrote: > > Hello Artemis Users, > > We have a user that is using 2.21.0 of Artemis, and they are attempting to > mask the password being used in login.properties. The password is to a LDAP > server. When testing, and placing the password in plain text into the > login.properties file, Artemis is able to authenticate no problem. This user > would like to obfuscate the password in login.properties for security > purposes, and ran the following command to generate a non-hashed masked > password: > > ./artemis mask xyz > > The generated masked password was then placed into login.properties as > follows: > > connectionPassword="ENC(maskofxyz)" > > When attempting to use the masked password, Artemis logs the following error > in artemis.log: > > 2022-07-19 11:26:08,144 ERROR [org.apache.activemq.artemis.core.server] > AMQ224084: Failed to open context: javax.naming.AuthenticationException: > [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: > AcceptSecurityContext error, data 52e, v4563�] > > I researched this error which details that it's an authentication failure. We > did notice the user had changed the name of the configuration for login to > login.properties, and I am not finding any references to that file out there > now. The documentation mentions that this technique works with login.config > but does not mention login.properties. My question to the community, is > simply does this feature work in 2.21.0 the way this user is intending it to > work? Is there an issue with the fact that the config file is named > login.properties instead of login.config? Can you possibly confirm if this is > a known issue? > > > Andrew Pomponio | Associate Enterprise Architect, > OpenLogic<https://www.openlogic.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link> > Perforce > Software<http://www.perforce.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > P: +1 612.517.2100 <tel:> > Visit us on: > LinkedIn<https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | > Twitter<https://twitter.com/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | > Facebook<https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | > YouTube<https://www.youtube.com/user/perforcesoftware?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > > Coming in April: Use our new Community portal to submit/track support > cases!<https://www.perforce.com/support/community-portal-faq?utm_source=sales-signature&utm_medium=email&utm_campaign=community-portal-faq&utm_content=resource?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > > > > This e-mail may contain information that is privileged or confidential. If > you are not the intended recipient, please delete the e-mail and any > attachments and notify us immediately. >
