Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-2032

Non-domain NTLM Authentication - User can login in portal entering wrong password.

    Details

      Description

      User can login in portal entering wrong password.

      I enable NTLM autentication,
      and LDAP importing users from my AD.

      Open browser (firefox, safari) outside domain
      click on sign in and the browser asks for username and password
      via browser standard form
      now insert a correct username and a wrong password
      portal recognize me without checking password

      I think this is a big security problem.

      How can I force password checking keeping NTLM authentication active?
      Am I missing something?

      Final note: AD keeps password encripted
      and disabling NTLM i cannot login in portal, so i need NTLM.

      Regards,
      Luca
      found was already in forum but cannot find solutions
      http://www.liferay.com/web/guest/community/forums/-/message_boards/message/310580

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  7 years, 38 weeks, 2 days ago