The LDAPLoginModule supports masked passwords directly. It doesn't matter
what the name of the file is assuming the "java.security.auth.login.config"
system property is being set correctly.

There are several tests of this functionality in the code-base. Here is the
configuration for one of them [1]. There are no failures for these tests in
any recent release so I would expect it to work.

My guess is that "login.properties" is being used in lieu of "login.config"
incorrectly. It's not normal to change the name of this file. Check the
environment to ensure that
"-Djava.security.auth.login.config=login.properties" is set somewhere (e.g.
etc/artemis.profile). If you can't find it being set anywhere then the
broker will use the default "login.config".


Justin

[1]
https://github.com/apache/activemq-artemis/blob/fa002728f2548d540a6b131c1c07d1d2803a331a/artemis-server/src/test/resources/login.config#L176

On Tue, Jul 26, 2022 at 3:43 PM Andrew Pomponio <apompo...@perforce.com>
wrote:

> Hello Artemis Users,
>
> We have a user that is using 2.21.0 of Artemis, and they are attempting to
> mask the password being used in login.properties. The password is to an LDAP
> server. When testing, and placing the password in plain text into the
> login.properties file, Artemis is able to authenticate no problem. This
> user would like to obfuscate the password in login.properties for security
> purposes, and ran the following command to generate a non-hashed masked
> password:
>
> ./artemis mask xyz
>
> The generated masked password was then placed into login.properties as
> follows:
>
> connectionPassword="ENC(maskofxyz)"
>
> When attempting to use the masked password, Artemis logs the following
> error in artemis.log:
>
> 2022-07-19 11:26:08,144 ERROR [org.apache.activemq.artemis.core.server]
> AMQ224084: Failed to open context: javax.naming.AuthenticationException:
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment:
> AcceptSecurityContext error, data 52e, v4563]
>
> I researched this error which details that it's an authentication failure.
> We did notice the user had changed the name of the configuration for login
> to login.properties, and I am not finding any references to that file out
> there now. The documentation mentions that this technique works with
> login.config but does not mention login.properties. My question to the
> community is simply: does this feature work in 2.21.0 the way this user is
> intending it to work? Is there an issue with the fact that the config file
> is named login.properties instead of login.config? Can you possibly confirm
> if this is a known issue?
>
>
> Andrew Pomponio | Associate Enterprise Architect, OpenLogic
> Perforce Software
>
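
The check suggested in the reply above, as an added example that is not part of the original thread or of Artemis: it looks in etc/artemis.profile for the java.security.auth.login.config property, falls back to the default login.config, and reports whether each connectionPassword in that file is in ENC(...) form. The function names, the assumption that the JAAS file sits in the instance's etc/ directory, and the sample files are all constructed for illustration.

```shell
# Added example, not Artemis code. Assumption: the JAAS file sits in <instance>/etc.

# Print the file named by -Djava.security.auth.login.config in etc/artemis.profile,
# or the default "login.config" when the property is not set there.
jaas_config_name() (
  value=$(grep -v '^[[:space:]]*#' "$1/etc/artemis.profile" 2>/dev/null |
    grep -o -- '-Djava\.security\.auth\.login\.config=[^[:space:]"]*' |
    tail -n 1 | cut -d= -f2-)
  # The value may be a path or URI; only its last component is used here.
  if [ -n "$value" ]; then basename "$value"; else echo "login.config"; fi
)

# Print "masked" or "plaintext" for each connectionPassword option in file $1.
# The password values themselves are never printed.
password_states() (
  grep -E '^[[:space:]]*connectionPassword[[:space:]]*=' "$1" |
    sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:];]*$//; s/^"(.*)"$/\1/' |
    while IFS= read -r v; do
      case "$v" in
        'ENC('*')') echo masked ;;
        *) echo plaintext ;;
      esac
    done
)

# Report "<file name> <state,state,...>" for a broker instance directory.
audit_instance() (
  name=$(jaas_config_name "$1")
  file="$1/etc/$name"
  [ -f "$file" ] || { echo "$name missing"; exit 1; }
  echo "$name $(password_states "$file" | paste -sd, -)"
)

# Constructed sample instance (not taken from the thread's environment).
demo=$(mktemp -d) && mkdir -p "$demo/etc"
cat > "$demo/etc/artemis.profile" <<'EOF'
JAVA_ARGS="-Xmx1G -Djava.security.auth.login.config=login.properties"
EOF
cat > "$demo/etc/login.properties" <<'EOF'
activemq {
  org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
    connectionPassword="ENC(maskofxyz)"
    ;
};
EOF
audit_instance "$demo"   # prints: login.properties masked
```

If the profile names one file while the edited file is another, the masked value in the edited file is never read by the broker, which is the mismatch the reply asks to rule out.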
