Red Hat Bugzilla – Bug 1254194
(6.4.z) Differently implemented password-stacking option in ClientLoginModule
Last modified: 2017-01-17 08:11:33 EST
In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration.
Ryan Emerson <firstname.lastname@example.org> updated the status of jira SECURITY-903 to Resolved
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see email@example.com with any questions
Verified with EAP 6.4.12.CP.CR1;
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.