cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Animesh Chaturvedi <animesh.chaturv...@citrix.com>
Subject RE: Review Request: Make SHA256Salt the default password encoding and authentication mechanism for cloudstack
Date Thu, 21 Mar 2013 22:51:07 GMT


> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Wednesday, March 20, 2013 5:56 PM
> To: cloudstack-dev@incubator.apache.org
> Cc: Vijayendra Bhamidipati
> Subject: Re: Review Request: Make SHA256Salt the default password
> encoding and authentication mechanism for cloudstack
> 
> On Wed, Mar 20, 2013 at 08:42:17PM -0400, David Nalley wrote:
> > On Wed, Mar 20, 2013 at 8:34 PM, Chip Childers
> > <chip.childers@sungard.com> wrote:
> > > On Wed, Mar 20, 2013 at 11:26:50AM -0700, Vijayendra Bhamidipati
> wrote:
> > >> Hi Chip, Prasanna,
> > >>
> > >> Yes, the change is pretty straightforward, the reasoning is to make
> default password encoding more secure because the SHA256salted
> authenticator recently added by Hugo salts the passwords while the existing
> MD5 authenticator doesn't, and is the default. This change gives the CS
> admin the flexibility to choose the ordering of the encoders/authenticators.
> No new authenticator/encoder classes needed to be added, the existing
> ones are simply used better.
> > >>
> > >> Upgrade scenarios were considered and these changes will have no
> effect on upgrades. Only new users and updated users will have their
> passwords encoded by the first valid encoder in the UserPasswordEncoder
> list. Existing users will still get authenticated as before since authentication
> passes through all the authenticators available in the UserAuthenticator list
> until one of them succeeds or all fail.
> > >>
> > >> Regards,
> > >> Vijay
> > >
> > > Does everyone believe that this is a valid change for 4.1?  Or
> > > should we wait for 4.2 or 4.1.1?
> > >
> >
> > 4.2
> > Review request is for master
> > Lets try an minimize change to 4.1 if at all possible.
> >
> > --David
> >
> 
> The bug was marked for 4.1, which was the confusion.  I've changed the bug
> fix-version to 4.2.  This can be reviewed by Hugo or Kelvin as requested by
> Vijayendra.
[Animesh>] Yes should be for 4.2 definitely not for 4.1

Mime
View raw message