cloudstack-commits mailing list archives

From radh...@apache.org
Subject git commit: updated refs/heads/4.2-forward to d0ad805
Date Tue, 27 Aug 2013 06:57:15 GMT
Updated Branches:
  refs/heads/4.2-forward 239281a40 -> d0ad80530


review comments for CLOUDSTACK-1815


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d0ad8053
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d0ad8053
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d0ad8053

Branch: refs/heads/4.2-forward
Commit: d0ad80530f9f7a62464497a7d39ccd63958463a1
Parents: 239281a
Author: radhikap <radhika.puthiyetath@citrix.com>
Authored: Tue Aug 27 12:26:28 2013 +0530
Committer: radhikap <radhika.puthiyetath@citrix.com>
Committed: Tue Aug 27 12:26:57 2013 +0530

----------------------------------------------------------------------
 docs/en-US/password-storage-engine.xml | 30 +++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d0ad8053/docs/en-US/password-storage-engine.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/password-storage-engine.xml b/docs/en-US/password-storage-engine.xml
index 0566105..8bbc96f 100644
--- a/docs/en-US/password-storage-engine.xml
+++ b/docs/en-US/password-storage-engine.xml
@@ -22,11 +22,13 @@
 <section id="password-storage-engine">
   <title>Changing the Default Password Encryption</title>
   <para>Passwords are encoded when creating or updating users. &PRODUCT; allows
you to determine the
-    default encoding and authentication mechanism for admin and user logins. A new configurable
list
-    called <code>UserPasswordEncoders</code> to allow you to separately configure
the order of
-    preference for encoding and authentication schemes. </para>
-  <para>Additionally, plain text user authenticator has been changed to use SHA256SALT
as the
-    default encoding algorithm because it is more secure compared to MD5 hashing. It does
a simple
+    default encoding and authentication mechanism for admin and user logins. Two new configurable
+    lists have been introduced&mdash;userPasswordEncoders and userAuthenticators.
+    userPasswordEncoders allows you to configure the order of preference for encoding passwords,
+    whereas userAuthenticators allows you to configure the order in which authentication
schemes are
+    invoked to validate user passwords. </para>
+  <para>Additionally, the plain text user authenticator has been modified not to convert
supplied
+    passwords to their md5 sums before checking them with the database entries. It performs
a simple
     string comparison between retrieved and supplied login passwords instead of comparing
the
     retrieved md5 hash of the stored password against the supplied md5 hash of the password
because
     clients no longer hash the password. The following method determines what encoding scheme
is
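Review bot: The added sentence that introduces the two lists writes userPasswordEncoders and userAuthenticators in lower camel case and without <code> markup, while the line it replaces used <code>UserPasswordEncoders</code>; these are property names an administrator has to match in the context files, so use one exact spelling wrapped in <code> throughout. The rewrite also drops the removed statement that SHA256SALT is the default encoding and is more secure than MD5 hashing, so this paragraph no longer says what the default is; consider keeping that sentence next to the new description of the plain text authenticator. Minor: "md5 sums" would read better as "MD5 sums", matching "MD5 hashing" in the text being replaced.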
@@ -35,11 +37,15 @@
     loaded as per the sequence specified in the <code>UserPasswordEncoders</code>
property in the
       <filename>ComponentContext.xml</filename> or <filename>nonossComponentContext.xml</filename>
     files. The order of authentication schemes is determined by the <code>UserAuthenticators</code>
-    property in the same files. When a new authenticator or encoder is added, you can add
them to
-    this list. While doing so, ensure that the new authenticator or encoder is specified
as a bean
-    in both these files. The administrator can change the ordering of both these properties
as
-    preferred to change the order of schemes. Modify the following list properties available
in
-      <filename>client/tomcatconf/nonossComponentContext.xml.in</filename> or
+    property in the same files. If Non-OSS components, such as VMware environments, are to
be
+    deployed, modify the <code>UserPasswordEncoders</code> and <code>UserAuthenticators</code>
lists
+    in the <filename>nonossComponentContext.xml</filename> file, for OSS environments,
such as
+    XenServer or KVM, modify the <filename>ComponentContext.xml</filename> file.
It is recommended
+    to make uniform changes across both the files. When a new authenticator or encoder is
added, you
+    can add them to this list. While doing so, ensure that the new authenticator or encoder
is
+    specified as a bean in both these files. The administrator can change the ordering of
both these
+    properties as preferred to change the order of schemes. Modify the following list properties
+    available in <filename>client/tomcatconf/nonossComponentContext.xml.in</filename>
or
       <filename>client/tomcatconf/componentContext.xml.in</filename> as applicable,
to the desired
     order:</para>
   <programlisting>&lt;property name="UserAuthenticators"&gt;
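Review bot: The added text names the OSS file as <filename>ComponentContext.xml</filename>, but the path at the end of the same paragraph is client/tomcatconf/componentContext.xml.in with a lower-case c; use the spelling that matches the file on disk so that readers on case-sensitive file systems edit the right one. The new sentence is also a comma splice at "nonossComponentContext.xml file, for OSS environments" and should be split in two, and "you can add them to this list" is ambiguous now that the paragraph discusses two lists.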
@@ -62,7 +68,7 @@
     the encoded password is stored in the user table's password column. If it fails for any
reason,
     the MD5UserAuthenticator will be tried next, and the order continues. For
       <code>UserAuthenticators</code>, SHA256Salt authentication is tried first.
If it succeeds, the
-    user is logged into the Management server. If it fails, MD5 is tried next, and attempts
-    continues until any of them succeeds and the user logs in . If none of them works,  the
user is
+    user is logged into the Management server. If it fails, md5 is tried next, and attempts
+    continues until any of them succeeds and the user logs in . If none of them works, the
user is
     returned an invalid credential message. </para>
 </section>
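Review bot: Changing "MD5" to "md5" in the added line makes it inconsistent with MD5UserAuthenticator in the unchanged line above it; keep the upper-case form. The edit also rewrites "attempts continues until any of them succeeds and the user logs in ." without fixing it: it should read "attempts continue" and lose the space before the full stop. It would also help to name the list entry that "md5" refers to, so an administrator reordering <code>UserAuthenticators</code> knows which bean provides the fallback.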

