Bug 1254194

Summary: (6.4.z) Differently implemented password-stacking option in ClientLoginModule
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Ondrej Lukas <olukas>
Component: SecurityAssignee: Ryan Emerson <remerson>
Status: CLOSED CURRENTRELEASE QA Contact: Josef Cacek <jcacek>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4.0CC: anmiller, bbaranow, bdawidow, bmaxwell, darran.lofthouse, ihradek, msochure, ppalaga, pskopek, remerson, rsvoboda
Target Milestone: CR1   
Target Release: EAP 6.4.12   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-17 13:11:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1274287, 1375585    

Description Ondrej Lukas 2015-08-17 12:05:23 UTC 
In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration.
Comment 5 JBoss JIRA Server 2015-09-16 09:03:05 UTC 
Ryan Emerson <remerson> updated the status of jira SECURITY-903 to Resolved
Comment 6 Mike McCune 2016-03-28 23:25:37 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 7 Ivo Hradek 2016-11-25 10:17:31 UTC 
Verified with EAP 6.4.12.CP.CR1;
Comment 8 Petr Penicka 2017-01-17 13:11:33 UTC 
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.