You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@karaf.apache.org by Steubert Ebenezer <st...@altencalsoftlabs.com> on 2018/06/11 07:27:23 UTC
Salt and hash karaf CLI user passwords
Hi,
We need to salt and hash the karaf CLI user passwords.
We installed jasypt (feature:install jasypt) on opendaylight controller and
modified [karf.dir]/etc/org.apache.karaf.jaas.cfg as below.
encryption.name = jasypt
encryption.saltSizeBytes = 16
Now we created two new karaf CLI users with the same password.
opendaylight-user@root>jaas:user-add steubert karaf
opendaylight-user@root>jaas:user-add kathir karaf
opendaylight-user@root>jaas:update
Now if we check [karf.dir]/etc/users.properties file we see the encrypted
passwords are different
steubert =
{CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
kathir =
{CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
We have below questions on this.
* How can we ensure if salting is happening here
* Where are the salts stored
* How does the login module authenticate the users if the salts are
not stored in any of the files
Thanks,
Steubert.
M: +91 9620610073
Re: Salt and hash karaf CLI user passwords
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
Which version of Karaf are you using ?
François Papon
fpapon@apache.org
Open3m - https://www.open3m.io
Le 11/06/2018 à 11:27, Steubert Ebenezer a écrit :
> Hi,
>
>
>
> We need to salt and hash the karaf CLI user passwords.
>
>
>
> We installed jasypt (feature:install jasypt) on opendaylight controller and
> modified [karf.dir]/etc/org.apache.karaf.jaas.cfg as below.
>
> encryption.name = jasypt
>
> encryption.saltSizeBytes = 16
>
> Now we created two new karaf CLI users with the same password.
>
> opendaylight-user@root>jaas:user-add steubert karaf
>
> opendaylight-user@root>jaas:user-add kathir karaf
>
> opendaylight-user@root>jaas:update
>
> Now if we check [karf.dir]/etc/users.properties file we see the encrypted
> passwords are different
>
> steubert =
> {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
> 6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
>
> kathir =
> {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
> 7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
>
>
>
> We have below questions on this.
>
> * How can we ensure if salting is happening here
> * Where are the salts stored
> * How does the login module authenticate the users if the salts are
> not stored in any of the files
>
>
>
> Thanks,
>
> Steubert.
>
> M: +91 9620610073
>
>
>
>