3 Replies Latest reply on Aug 31, 2004 7:34 AM by Andrejs Opsis

    how to secure passwords in login-config.xml ?

    Andrejs Opsis Newbie

      the file login-config.xml contains plain password masterkey:
      ===============================
      <application-policy name = "FirebirdDBRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sysdba</module-option>
      <module-option name = "userName">sysdba</module-option>
      <module-option name = "password"> masterkey </module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
      </login-module>

      </application-policy>

      =====================
      how to secure passwords in login-config.xml ?

        • 2. Re: how to secure passwords in login-config.xml ?
          Andrejs Opsis Newbie

          I studied docs and your link about securing datasource passwords.
          Tried to make as written, but it doesn't works in my situation.

          IDEA: Client is authentificated using DB via "DatabaseServerLoginModule"
          Client sends plain password but on server it is hashed in compared
          with passwd field value that also is hashed
          I need hide password in -ds.xml.
          Client App logins to server using Security domain "IBAuthDomain"
          user name and password is stored in DB in hashed view.
          This configs works fine while
          datasource not using <security-domain>IBSimpleDomain</>
          but use sysdba masterkey in -ds.xml.

          If I
          comment in -ds.xml

          <user-name>sysdba</user-name>
           <password>masterkey</password>


          uncomment
          <!-- <security-domain>IBSimpleDomain</security-domain> -->


          Error occures because principal = null


          Whats wrong ?
          Thanks.


          FILE: D:\JAVA\jboss-3.2.5\server\all\conf\login-config.xml
          
          #############################################################
          
          <application-policy name = "IBSimpleDomain">
           <authentication>
           <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
           <module-option name = "UserName">sysdba</module-option>
           <module-option name = "Password">667f11fbdfef90b6d7b145018f031a36</module-option>
           <module-option name = "managedConnectionFactoryName">jboss.jca:servce=LocalTxCM,name=IBAuthDS1</module-option>
           <module-option name = "debug">true</module-option>
           </login-module>
           </authentication>
          </application-policy>
          
          
          <application-policy name = "IBAuthDomain">
           <authentication>
           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
           <module-option name = "hashAlgorithm">MD5</module-option>
           <module-option name = "hashEncoding">base64</module-option>
           <module-option name = "dsJndiName">java:/IBAuthDS1</module-option>
           <module-option name = "principalsQuery">select USER_PASS from USERS u where u.USER_NAME=?</module-option>
           <module-option name = "rolesQuery">
           SELECT ROLE_NAME, 'Roles'
           FROM USERS U, USERS_GROUPS UG, GROUPS G,
           GROUPS_ROLES GP, ROLES R
           WHERE U.USER_ID = UG.USER_ID AND UG.GROUP_ID = G.GROUP_ID AND
           G.GROUP_ID = GP.GROUP_ID AND GP.ROLE_ID = R.ROLE_ID
           AND U.USER_NAME = ?
           </module-option>
           <module-option name = "debug">true</module-option>
           </login-module>
           </authentication>
          </application-policy>
          
          
          
          #############################################################
          
          FILE: D:\JAVA\jboss-3.2.5\server\all\deploy\ibauth-ds.xml
          
          #############################################################
          
          <?xml version="1.0" encoding="UTF-8"?>
          <!-- ==================================================================== -->
          <!-- New ConnectionManager setup for firebird dbs using jca-jdbc xa driver-->
          <!-- Build jmx-api (build/build.sh all) and view for config documentation -->
          <!-- ==================================================================== -->
          <connection-factories>
           <tx-connection-factory>
           <jndi-name>IBAuthDS1</jndi-name>
           <xa-transaction/>
           <adapter-display-name>Firebird Database Connector</adapter-display-name>
           <config-property name="Database" type="java.lang.String">localhost/3050:D:/JWORK/db/jfina.fdb</config-property>
           <user-name>sysdba</user-name>
           <password>masterkey</password>
          <!-- <security-domain>IBSimpleDomain</security-domain> -->
           <min-pool-size>5</min-pool-size>
           </tx-connection-factory>
          </connection-factories>
          


          • 3. Re: how to secure passwords in login-config.xml ?
            Andrejs Opsis Newbie

            Everything works fine with config ( may be it bacause of CASE for keys username, password, and jboss.jca:service=TxCM not XaTxCM I don't know I absolute newbie sorry) :

            <application-policy name = "IBSimpleDomain">
             <authentication>
             <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
             <module-option name = "username">sysdba</module-option>
             <module-option name = "password">667f11fbdfef90b6d7b145018f031a36</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=IBAuthDS1</module-option>
             <module-option name = "debug">true</module-option>
             </login-module>
             </authentication>
            </application-policy>