- Enhancement
- Resolution: Fixed
- P3
- 5.0, 9, 10
- b36
- generic
- generic
Name: mc120937 Date: 03/18/2004
Currently, user/password are stored in cleartext in the jmxremote.password
file. The jmxremote.password file must be read-only by owner only.
Hashing the password is a good refinement scheme and will
also allow sharing of a password file by multiple users
of a group.
--------------------------------------
Vincent Ryan wrote:
Here are some details on the password hashing mechanism
that's used in the prototype:
http://developer.netscape.com/docs/technote/ldap/pass_sha.html
The Salted Secure Hash Algorithm (SSHA) mechanism is the default password
storage mechanism used in our LDAP Directory Server product today:
http://docs.sun.com/source/816-6700-10/aci.html#14932
The one-way hash protects against password disclosure, the salt protects
against pre-computed-hash dictionary attacks.
------------------------
Changes included:
* Replace plaintext passwords by hashed passwords
======================================================================
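The salted scheme described in Vincent Ryan's note above, as an added example (not code from the JDK or from this issue): an `{SSHA}` value is base64(SHA-1(password + salt) + salt), as in the LDAP scheme the note links to. Writing `{SSHA}` values into `role password` lines is an assumption made for illustration; the function names and the sample file are hypothetical, and the page does not show the on-disk format the fix uses.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes for SHA-1


def ssha_encode(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA} + base64(SHA1(password || salt) || salt)."""
    salt = os.urandom(8) if salt is None else salt  # fresh random salt per entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False
    if len(raw) <= DIGEST_LEN:  # digest with no salt: reject
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def hash_cleartext_entries(file_text: str) -> str:
    """Rewrite 'role password' lines so no cleartext password remains (assumed layout)."""
    out = []
    for line in file_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#") or parts[1].startswith(SCHEME):
            out.append(line)  # blank, comment, malformed or already hashed
        else:
            out.append(f"{parts[0]} {ssha_encode(parts[1].strip())}")
    return "\n".join(out) + "\n"


# Constructed sample file: two roles sharing one password.
SAMPLE = "# constructed sample\nmonitorRole s3cret\ncontrolRole s3cret\n"

if __name__ == "__main__":
    print(hash_cleartext_entries(SAMPLE), end="")
```

Because each entry gets its own salt, the two roles end up with different stored values even though they share a password, which is what defeats a precomputed hash table.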
- duplicates
  - JDK-6740543 Add support for encrypted passwords in the jmxremote.password file (Closed)
- relates to
  - JDK-8192909 Invalid username or password in HashedPasswordFileTest.java (Closed)