Description:
Using mangled passwords with FTL JAAS module PropertyFileLoginModule.

The prebuilt JAAS login module PropertyFileLoginModule uses username and passwords provided in a text file in the JAAS module configuration. This module can only read clear text passwords. If the passwords are mangled using tibrealmadmin utility or FTL Admin APIs then this module fails to authenticate users. Attached is a modified JAAS module (Filename: customJaasModule.jar) which internally uses the FTL Admin API to unmangle the passwords. This JAAS module can be used with both mangled and clear text passwords in the text file.

Starting FTL Realm Server with customJaasModule.jar .

1). Update the CLASSPATH in tibrealmserver.bat or tibrealmserver file in FTL_HOME/bin to include customJaasModule.jar .

2). Update the ftl.jaas file to use PropertyFileLoginModuleMangled as follows.

 

tibrealmserver {
       com.tibco.ftl.jaas.PropertyFileLoginModuleMangled required
       debug="true"
       file="full path of users.txt";
};

3). Update the users.txt with the mangled password using tw command  tibrealmadmin --mangle <password>

4). Start the server using the updated tibrealmserver.bat or tibrealmserver.

Example: ./tibrealserver -d <path to data directory> -ht localhost:8080 -j <path to ftl.jaas>

The source code (Filename:PropertyFileLoginModuleMangled.java) has been attached for reference. You will need to have the following two JARs in the CLASSPATH for compiling the Java file.

realmserver.jar
jetty9-all.jar

Using mangled passwords with FTL JAAS module PropertyFileLoginModule.