Posted to dev@uima.apache.org by "Lou DeGenaro (JIRA)" <de...@uima.apache.org> on 2017/06/06 18:57:18 UTC

[jira] [Commented] (UIMA-5440) DUCC WebServer (WS) should provide secure file-based login

    [ https://issues.apache.org/jira/browse/UIMA-5440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16039459#comment-16039459 ] 

Lou DeGenaro commented on UIMA-5440:
------------------------------------

Support for new authentication plugin specified in site.ducc.properties:

ducc.authentication.implementer=org.apache.uima.ducc.ws.authentication.SecureFileAuthenticator

User is prompted for ducc-mon login userid upon first site visit, which is kept in a cookie.  Erasure of cookie will cause re-prompt upon next visit.  User specification of alternate userid on Login panel will also cause cookie to be re-written.

User Login panel is pre-filled with login user from cookie.

Cookie arrival at WebServer (WS) causes a new <security-home>/.ducc/.login.pw file to be created and populated if not already in existence.  <security-home> is specified in site.ducc.properties, but defaults to user's home directory otherwise.

On each ducc-mon login attempt, WS checks the user-specified password against the previously generated one, and only a match will permit login.

Each ducc-mon login attempt causes a replacement pw to be generated into the login.pw file, thus each pw is single use.

Password generator is a Python script that generates passwords of length 8-16 characters from the letters A-Z, a-z, 0-9.


> DUCC WebServer (WS) should provide secure file-based login 
> -----------------------------------------------------------
>
>                 Key: UIMA-5440
>                 URL: https://issues.apache.org/jira/browse/UIMA-5440
>             Project: UIMA
>          Issue Type: Improvement
>          Components: DUCC
>            Reporter: Lou DeGenaro
>            Assignee: Lou DeGenaro
>             Fix For: 2.2.1-Ducc
>
>
> DUCC Webserver supports a Linux-based login plugin.  Another useful login plugin (secure file) would work as follows:
> 1. generate a single use password in a file-based location that only the user can view each time a login is attempted
> 2. check the user login specified password with the generated password for a match and only then grant login



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
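
The single-use file scheme described in the comment above, sketched as an added Python example; it is not DUCC's code or its password-generator script. The function names, the use of `secrets`, the atomic replace and the constant-time comparison are assumptions of this sketch, and it assumes the process runs as the user who owns `<security-home>`.

```python
import hmac
import os
import secrets
import string
import tempfile

# Alphabet and length range as stated in the comment: A-Z, a-z, 0-9; 8-16 chars.
ALPHABET = string.ascii_letters + string.digits


def generate_password():
    length = 8 + secrets.randbelow(9)  # 8..16 inclusive
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def pw_path(security_home):
    return os.path.join(security_home, ".ducc", ".login.pw")


def write_password(security_home):
    """Create or replace the password file, readable by its owner only."""
    ducc_dir = os.path.dirname(pw_path(security_home))
    os.makedirs(ducc_dir, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=ducc_dir)  # mkstemp creates the file 0600
    with os.fdopen(fd, "w") as f:
        f.write(generate_password() + "\n")
    os.replace(tmp, pw_path(security_home))  # atomic: never a half-written file


def ensure_password_file(security_home):
    """Cookie arrival: populate the file only if it does not exist yet."""
    if not os.path.exists(pw_path(security_home)):
        write_password(security_home)


def attempt_login(security_home, supplied):
    """Compare the supplied password, then rotate regardless of the outcome."""
    try:
        with open(pw_path(security_home)) as f:
            expected = f.read().strip()
    except FileNotFoundError:
        expected = ""  # no file means no valid password, so no login
    ok = bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())
    write_password(security_home)  # each password is single use
    return ok
```

Because the file is rewritten after failed attempts as well as successful ones, a replayed or guessed password is compared against a value that is valid for one comparison only.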