Posted to dev@karaf.apache.org by Steubert Ebenezer <st...@altencalsoftlabs.com> on 2018/06/11 07:27:23 UTC

Salt and hash karaf CLI user passwords

Hi,

 

We need to salt and hash the karaf CLI user passwords. 

 

We installed jasypt (feature:install jasypt) on the OpenDaylight controller and
modified [karaf.dir]/etc/org.apache.karaf.jaas.cfg as below.

encryption.name = jasypt

encryption.saltSizeBytes = 16

Now we created two new karaf CLI users with the same password.

opendaylight-user@root>jaas:user-add steubert karaf

opendaylight-user@root>jaas:user-add kathir karaf

opendaylight-user@root>jaas:update

Now if we check the [karaf.dir]/etc/users.properties file, we see that the
encrypted passwords are different.

steubert =
{CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}

kathir =
{CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}

 

We have the questions below on this.

* How can we ensure that salting is happening here?
* Where are the salts stored?
* How does the login module authenticate the users if the salts are
  not stored in any of the files?

 

Thanks,

Steubert.

M: +91 9620610073
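
An added example, not part of the original thread and not Karaf or Jasypt code: a simplified Python model of a salted digest in which the random salt is kept in front of the hash inside one Base64 value, so two users with the same password get different entries and the verifier recovers the salt from the stored value itself. The salt-then-digest layout, SHA-256, the iteration count and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SALT_SIZE_BYTES = 16          # mirrors encryption.saltSizeBytes from the post
ITERATIONS = 1000             # assumed value for this model
WRAP = "{CRYPT}"              # wrapper seen around the users.properties values


def _digest(salt, password):
    """Hash salt || password, then re-hash the result ITERATIONS - 1 times."""
    out = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        out = hashlib.sha256(out).digest()
    return out


def encode_password(password, salt=None):
    """Return {CRYPT}base64(salt || digest){CRYPT}; the salt is random by default."""
    salt = os.urandom(SALT_SIZE_BYTES) if salt is None else salt
    blob = base64.b64encode(salt + _digest(salt, password)).decode("ascii")
    return WRAP + blob + WRAP


def split_entry(stored):
    """Strip the wrapper and split the decoded bytes into (salt, digest)."""
    if not (stored.startswith(WRAP) and stored.endswith(WRAP)):
        raise ValueError("not a {CRYPT}-wrapped entry")
    raw = base64.b64decode(stored[len(WRAP):-len(WRAP)], validate=True)
    if len(raw) <= SALT_SIZE_BYTES:
        raise ValueError("value too short to hold a salt and a digest")
    return raw[:SALT_SIZE_BYTES], raw[SALT_SIZE_BYTES:]


def check_password(candidate, stored):
    """Recompute the digest with the embedded salt; compare in constant time."""
    salt, expected = split_entry(stored)
    return hmac.compare_digest(_digest(salt, candidate), expected)


def looks_salted(entry_a, entry_b):
    """Entries created from the same password should differ in salt and digest."""
    (salt_a, dig_a), (salt_b, dig_b) = split_entry(entry_a), split_entry(entry_b)
    return salt_a != salt_b and dig_a != dig_b
```
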

 


Re: Salt and hash karaf CLI user passwords

Posted by Francois Papon <fr...@openobject.fr>.
Hi,

Which version of Karaf are you using?

François Papon
fpapon@apache.org
Open3m - https://www.open3m.io

On 11/06/2018 at 11:27, Steubert Ebenezer wrote:
> Hi,
>
>  
>
> We need to salt and hash the karaf CLI user passwords. 
>
>  
>
> We installed jasypt (feature:install jasypt) on the OpenDaylight controller and
> modified [karaf.dir]/etc/org.apache.karaf.jaas.cfg as below.
>
> encryption.name = jasypt
>
> encryption.saltSizeBytes = 16
>
> Now we created two new karaf CLI users with the same password.
>
> opendaylight-user@root>jaas:user-add steubert karaf
>
> opendaylight-user@root>jaas:user-add kathir karaf
>
> opendaylight-user@root>jaas:update
>
> Now if we check the [karaf.dir]/etc/users.properties file, we see that the
> encrypted passwords are different.
>
> steubert =
> {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
> 6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
>
> kathir =
> {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
> 7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
>
>  
>
> We have the questions below on this.
>
> * How can we ensure that salting is happening here?
> * Where are the salts stored?
> * How does the login module authenticate the users if the salts are
>   not stored in any of the files?
>
>  
>
> Thanks,
>
> Steubert.
>
> M: +91 9620610073
>
>  
>
>