Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1076

Kerberos failed password elevate exception to classified

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.0
    • Component/s: Authentication
    • Labels:
      None
    • Operating System:
      Multiple

      Description

      The Password authentication flow when used with a Kerberos backend may produce an exception when the user enters an incorrect password with the text "Checksum failed".

      The suggestion is to amend password-authn-config.xml, and specifically change

      <entry key="InvalidPassword">
      <list>
      <value>InvalidCredentials</value>
      <value>PREAUTH_FAILED</value>
      <value>INVALID_CREDENTIALS</value>
      </list>
      </entry>

      to be instead

      <entry key="InvalidPassword">
      <list>
      <value>InvalidCredentials</value>
      <value>PREAUTH_FAILED</value>
      <value>INVALID_CREDENTIALS</value>
      <value>Checksum failed</value>
      </list>
      </entry>

      to promote the exception to be a classified error.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            scott.koranda@ligo.org Scott Koranda
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: