You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Animesh Chaturvedi (JIRA)" <ji...@apache.org> on 2013/05/16 08:57:16 UTC

[jira] [Comment Edited] (CLOUDSTACK-2516) Create User API compability broken now

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13659257#comment-13659257 ] 

Animesh Chaturvedi edited comment on CLOUDSTACK-2516 at 5/16/13 6:56 AM:
-------------------------------------------------------------------------

Kishan can you comment on this issue? it was changed by you. I think functionality is not broken, if at user creation API was passed MD5 encoded password it will get encoded again and stores in db and same way when authenticating.
                
      was (Author: animeshc):
    Kishan can you comment on this issue? it was changed by you. I think functionality is not broken, if at user creation API was passed MD5 encoded password it will get encoded again and stores in db and same way when autmeticating.
                  
> Create User API compability broken now
> --------------------------------------
>
>                 Key: CLOUDSTACK-2516
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2516
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.1.0, 4.2.0
>            Reporter: Chip Childers
>            Assignee: Kishan Kavala
>            Priority: Blocker
>             Fix For: 4.1.0, 4.2.0
>
>
> From email thread:
> On Wed, May 15, 2013 at 04:22:14PM +0200, Ove Ewerlid wrote:
> > NB; The 402/410 deployments are on RHES64(OEL64) via RPMs built from
> > latest git repos.
> > /Ove
> > 
> > On 05/15/2013 03:02 PM, Ove Ewerlid wrote:
> > >Hi!
> > >
> > >When testing a deploy script, that works as expected with 4.0.2, on 4.1
> > >I noticed that there was a need to pass plaintext passwords to
> > >createUser, rather then the documented MD5 hash. When passing MD5 hash,
> > >the password gets double MD5:hashed in 41.
> > >
> > >There is new code in 4.1 that encodes password using the authenticator
> > >plugins (encode method);
> > >
> > >cloudstack.4.1/server/src/com/cloud/user/AccountManagerImpl.java
> > >
> > >        ...
> > >        String encodedPassword = null;
> > >         for (UserAuthenticator  authenticator : _userAuthenticators) {
> > >             encodedPassword = authenticator.encode(password);
> > >             if (encodedPassword != null) {
> > >                 break;
> > >             }
> > >         }
> > >        ...
> > >
> > >The 41 API docs still notes that an MD5 hash shall be passed in.
> > >What am I missing here?
> > >
> > >/Ove

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira