Subject: Re: user credntials
From: David Nalley
Date: Mon, 30 Apr 2012 21:35:19 -0700
To: "cloudstack-dev@incubator.apache.org"

On Apr 30, 2012, at 9:11 PM, Will Chan wrote:

> The parameter for password is simply just used to pass information from the client to CS. It's really up to the AuthenticatorAdapter to decide how it should use the parameter. Since by default, MD5 hashed password is being passed in, the default adapter is just doing a simple comparison against the DB. If suddenly the admin wishes to use the LDAPAuthenticator, he should require the password to be in plain-text (assuming that is what is used to compare against). We don't need two parameters for this. You can also imagine someone wanting SHA-256, etc. for their password encryption. The only way I can think of having two separate parameters is if there is a use-case for using multiple adapters, each requiring their own parameter but I really doubt this would ever be used. It would mean two different auth DB.
>
> Will
>
> ________________________________________
>

So let me point out a practical example where this fails. Cumulus, the Android client to CloudStack, uses the login command to get a token and use session based auth initially. The endpoint could be any CloudStack deployment, and the end user may not know whether or not the operator is using native auth or an external service. They take in username and password from the user, do they md5 the password or not? How can they tell what they should be passing? (same problem with multiple parameters unless we accept all and only use one). And there are plenty of possible apps that would behave in this manner.

--David
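
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not CloudStack code: a small model of a client that must pick an encoding for the single password parameter without knowing which adapter the operator configured. The adapter functions, the account and all names are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample account; not taken from any real deployment.
USER, PASSWORD = "alice", "correct horse"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def _same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

# Hypothetical stand-in for the default adapter described in the thread: the
# DB holds an MD5 hex digest and the submitted parameter is compared as-is.
MD5_DB = {USER: md5_hex(PASSWORD)}

def md5_db_adapter(username, password_param):
    stored = MD5_DB.get(username)
    return stored is not None and _same(stored, password_param)

# Hypothetical stand-in for an external directory (LDAP-style) adapter, which
# needs the plaintext password to check it.
DIRECTORY = {USER: PASSWORD}

def directory_adapter(username, password_param):
    real = DIRECTORY.get(username)
    return real is not None and _same(real, password_param)

ADAPTERS = {"md5-db": md5_db_adapter, "directory": directory_adapter}
CLIENT_ENCODINGS = {"md5": md5_hex, "plaintext": lambda p: p}

def login_matrix(username, typed_password):
    """Return {(adapter, client_encoding): login_succeeded} for every pair."""
    return {
        (adapter_name, enc_name): adapter(username, encode(typed_password))
        for adapter_name, adapter in ADAPTERS.items()
        for enc_name, encode in CLIENT_ENCODINGS.items()
    }

def safe_client_encodings(username, typed_password):
    """Encodings that succeed no matter which adapter the operator chose."""
    matrix = login_matrix(username, typed_password)
    return [enc for enc in CLIENT_ENCODINGS
            if all(matrix[(a, enc)] for a in ADAPTERS)]

if __name__ == "__main__":
    for pair, ok in sorted(login_matrix(USER, PASSWORD).items()):
        print(pair, "OK" if ok else "REJECTED")
    print("works everywhere:", safe_client_encodings(USER, PASSWORD))
```

With a correct password, each encoding succeeds against exactly one adapter, so no single client behaviour works against both deployments.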