Posted to users@cloudstack.apache.org by Radhika Puthiyetath <ra...@citrix.com> on 2013/08/08 10:52:03 UTC

[Doc] Default Password Encoding Mechanism, SHA256Salt, Doc for Review

Hi,

Default Password Encoding Mechanism, SHA256Salt, Doc is ready for review. The doc is attached at https://issues.apache.org/jira/browse/CLOUDSTACK-1815.

Please provide your feedback.


Regards
-Radhika



RE: [Doc] Default Password Encoding Mechanism, SHA256Salt, Doc for Review

Posted by Vijayendra Bhamidipati <vi...@citrix.com>.
Hi Radhika,

A few corrections need to be made:

1)

"A new configurable list called UserPasswordEncoders to allow you to separately configure the order of preference for encoding and authentication schemes."

Please change the above line to:

"Two new configurable lists have been introduced - userPasswordEncoders to allow you to configure the order of preference for encoding passwords, and userAuthenticators to allow you to configure the order in which authentication schemes are invoked to validate user passwords".


2)
"Additionally, plain text user authenticator has been changed to use SHA256SALT as the default encoding algorithm because it is more secure compared to MD5 hashing."

Please change the above line to:

"Additionally, the plain text user authenticator has been modified not to convert supplied passwords to their md5 sums before checking them with the db entries."


3)
When I had checked in the code for this feature as part of commit # 2dbdc46337be375940441ac4b41f95f25bbbf21d, I had defined the above lists in applicationContext.xml, instead of having them separately defined in both componentContext.xml and nonossComponentContext.xml - but they've been moved back into these files, so now the explanation should explicitly state that if nonoss components like vmware environments are to be deployed, the userPasswordEncoders and userAuthenticators lists need to be modified in the nonossComponentContext.xml file, or otherwise, for oss environments like XenServer or KVM etc, the ComponentContext.xml file. Please add a sentence or two to this effect after this sentence: "The order of authentication schemes is determined by the UserAuthenticators property in the same files." Please also add that it is recommended to make uniform changes across both files. Please also make changes to the other sentences that refer to either of these files, accordingly.


Rest all looks good.


Thanks!
Regards,
Vijay.

From: Radhika Puthiyetath
Sent: Thursday, August 08, 2013 1:52 AM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org; Vijayendra Bhamidipati; Sudha Ponnaganti
Subject: [Doc] Default Password Encoding Mechanism, SHA256Salt, Doc for Review

Hi,

Default Password Encoding Mechanism, SHA256Salt, Doc is ready for review. The doc is attached at https://issues.apache.org/jira/browse/CLOUDSTACK-1815.

Please provide your feedback.


Regards
-Radhika
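A check for the recommendation in point 3 that the two lists be changed uniformly in componentContext.xml and nonossComponentContext.xml. This is an added example, not code from the thread or from CloudStack. It assumes each list is a Spring-style <bean> whose id is the list name and whose entries are <ref bean="..."/> elements; the sample XML and the adapter names in it are constructed.

```python
import xml.etree.ElementTree as ET

# List names as given in the thread.
LISTS = ("userPasswordEncoders", "userAuthenticators")

# Constructed sample fragments. The <bean>/<ref> layout and the adapter names
# are assumptions for illustration, not copied from a CloudStack release.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="userPasswordEncoders"><property name="Adapters"><list>
    {encoders}
  </list></property></bean>
  <bean id="userAuthenticators"><property name="Adapters"><list>
    {authenticators}
  </list></property></bean>
</beans>"""

def sample(encoders, authenticators):
    """Build a constructed context file with the given ordered entries."""
    refs = lambda names: "".join('<ref bean="%s"/>' % n for n in names)
    return TEMPLATE.format(encoders=refs(encoders), authenticators=refs(authenticators))

COMPONENT_CONTEXT = sample(["SaltedSha256", "Md5"], ["SaltedSha256", "Md5", "PlainText"])
NONOSS_COMPONENT_CONTEXT = sample(["SaltedSha256", "Md5"], ["Md5", "SaltedSha256", "PlainText"])

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def ordered_refs(xml_text):
    """Return {list name: [referenced bean names, in file order]}."""
    found = {}
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) == "bean" and bean.get("id") in LISTS:
            found[bean.get("id")] = [r.get("bean") for r in bean.iter()
                                     if _local(r.tag) == "ref"]
    return found

def drift(oss_xml, nonoss_xml):
    """Return {list name: (oss order, nonoss order)} for each list whose
    order differs between the files or that is missing from either one."""
    a, b = ordered_refs(oss_xml), ordered_refs(nonoss_xml)
    return {n: (a.get(n), b.get(n)) for n in LISTS
            if a.get(n) != b.get(n) or a.get(n) is None}

if __name__ == "__main__":
    for name, (oss, nonoss) in drift(COMPONENT_CONTEXT, NONOSS_COMPONENT_CONTEXT).items():
        print("%s differs: oss=%s nonoss=%s" % (name, oss, nonoss))
```

To run it against a deployment, pass drift() the contents of the two context files read from disk instead of the constructed samples.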


