Posted to dev@uima.apache.org by "Lou DeGenaro (JIRA)" <de...@uima.apache.org> on 2017/06/06 18:57:18 UTC
[jira] [Commented] (UIMA-5440) DUCC WebServer (WS) should provide secure file-based login
[ https://issues.apache.org/jira/browse/UIMA-5440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16039459#comment-16039459 ]
Lou DeGenaro commented on UIMA-5440:
------------------------------------
Support for new authentication plugin specified in site.ducc.properties:
ducc.authentication.implementer=org.apache.uima.ducc.ws.authentication.SecureFileAuthenticator
User is prompted for ducc-mon login userid upon first site visit, which is kept in a cookie. Erasure of cookie will cause re-prompt upon next visit. User specification of alternate userid on Login panel will also cause cookie to be re-written.
User Login panel is pre-filled with login user from cookie.
Cookie arrival at WebServer (WS) causes a new <security-home>/.ducc/.login.pw file to be created and populated if not already in existence. <security-home> is specified in site.ducc.properties, but defaults to user's home directory otherwise.
On each ducc-mon login attempt, WS checks the user-specified password against the previously generated one, and only a match will permit login.
Each ducc-mon login attempt causes a replacement pw to be generated into the login.pw file, thus each pw is single use.
Password generator is a Python script that generates passwords of length 8-16 characters from the letters A-Z, a-z, 0-9.
> DUCC WebServer (WS) should provide secure file-based login
> -----------------------------------------------------------
>
> Key: UIMA-5440
> URL: https://issues.apache.org/jira/browse/UIMA-5440
> Project: UIMA
> Issue Type: Improvement
> Components: DUCC
> Reporter: Lou DeGenaro
> Assignee: Lou DeGenaro
> Fix For: 2.2.1-Ducc
>
>
> DUCC Webserver supports a Linux-based login plugin. Another useful login plugin (secure file) would work as follows:
> 1. generate a single use password in a file-based location that only the user can view each time a login is attempted
> 2. check the user login specified password with the generated password for a match and only then grant login
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
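
The single-use password flow described in the comment above, as an added example that is not DUCC's own code: the password is written with owner-only permissions, compared in constant time, and replaced on every login attempt. The function names, the use of Python's secrets module, and the assumption that the process runs as the user who owns <security-home> are all assumptions of this example.

```python
import hmac
import os
import secrets
import string
import tempfile

ALPHABET = string.ascii_letters + string.digits  # A-Z, a-z, 0-9 as in the comment
PW_FILE = ".login.pw"  # file name from the comment; helper names are hypothetical


def generate_password() -> str:
    """Return a password of 8-16 characters drawn from a CSPRNG (assumed)."""
    length = 8 + secrets.randbelow(9)  # 8..16 inclusive
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def write_password(security_home: str) -> str:
    """Create <security_home>/.ducc/.login.pw (mode 0600) with a fresh password."""
    ducc_dir = os.path.join(security_home, ".ducc")
    os.makedirs(ducc_dir, mode=0o700, exist_ok=True)
    password = generate_password()
    # mkstemp creates the temp file with mode 0600; the atomic rename means
    # the password is never readable by other users, even briefly.
    fd, tmp = tempfile.mkstemp(dir=ducc_dir)
    with os.fdopen(fd, "w") as f:
        f.write(password + "\n")
    os.replace(tmp, os.path.join(ducc_dir, PW_FILE))
    return password


def check_login(security_home: str, supplied: str) -> bool:
    """Compare the supplied password to the stored one, then rotate it."""
    path = os.path.join(security_home, ".ducc", PW_FILE)
    try:
        with open(path) as f:
            expected = f.read().strip()
    except FileNotFoundError:
        expected = ""
    # Constant-time comparison; an empty stored value never matches.
    ok = bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())
    write_password(security_home)  # every attempt consumes the password
    return ok
```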