Posted to commits@solr.apache.org by ep...@apache.org on 2024/02/12 13:59:05 UTC

(solr) branch main updated: Update password hash documentation on basic authentication (#2257)

This is an automated email from the ASF dual-hosted git repository.

epugh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/main by this push:
     new 2af9197e49c Update password hash documentation on basic authentication (#2257)
2af9197e49c is described below

commit 2af9197e49ccf21b881a0588859ebbd7564aa9d5
Author: Matteias Collet <ma...@protonmail.ch>
AuthorDate: Mon Feb 12 14:58:59 2024 +0100

    Update password hash documentation on basic authentication (#2257)
    
    Co-authored-by: Eric Pugh <ep...@opensourceconnections.com>
    Co-authored-by: Jan Høydahl <jh...@cominvent.com>
---
 .../modules/deployment-guide/pages/basic-authentication-plugin.adoc   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc b/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
index e649f4a51a2..bfc998021ab 100644
--- a/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
+++ b/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
@@ -29,7 +29,7 @@ This file and where to put it is described in detail in the section xref:authent
 If running in cloud mode, you can use the `bin/solr auth` command-line utility to enable security for a new installation, see: `bin/solr auth --help` for more details.
 
 For Basic authentication, `security.json` must have an `authentication` block which defines the class being used for authentication.
-Usernames and passwords (as a sha256(password+salt) hash) could be added when the file is created, or can be added later with the Authentication API, described below.
+Usernames and passwords (Format: `base64(sha256(sha256(salt+password)) base64(salt)`) could be added when the file is created, or can be added later with the Authentication API, described below.
 
 An example `security.json` showing `authentication` and `authorization` blocks is shown below to show how authentication and authorization plugins can work together:
 
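Review bot: The format string on the added line has unbalanced parentheses: `base64(sha256(sha256(salt+password)) base64(salt)` opens `base64(` and two `sha256(` calls but closes only two of the three before the space. If the intent is that the double SHA-256 digest is base64-encoded as a whole, this should read `base64(sha256(sha256(salt+password))) base64(salt)`. Since readers will use this line to generate values for `security.json` by hand, it would also help to state explicitly that the two base64 fields are separated by a single space, and to keep the tense consistent ("can be added when the file is created, or later with the Authentication API").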
@@ -55,7 +55,7 @@ There are several options defined in this example:
 
 <1> The first block defines the authentication plugin to be used and its parameters.
 <2> The parameter `"blockUnknown":true` means that unauthenticated requests are not allowed to pass through.
-<3> A user called 'solr', with a password `'SolrRocks'` has been defined.
+<3> A user called 'solr', with a password `'SolrRocks'`, in the encoded format detailed above, has been defined.
 <4> We override the `realm` property to display another text on the login prompt.
 <5> The parameter `"forwardCredentials":false` means we let Solr's PKI authenticaion handle distributed request instead of forwarding the Basic Auth header.
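Review bot: In callout <3>, "in the encoded format detailed above" is a loose back-reference and the inserted clause makes the sentence hard to parse. Consider restructuring so the reader sees that the stored value is the salted hash rather than the literal password, for example: "A user called 'solr' has been defined; its password `SolrRocks` is stored in the hashed format described above." While touching this list, the unchanged context line for callout <5> has a typo, "authenticaion", which could be corrected to "authentication" in the same documentation-only change.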