cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkata Siva Vijayendra Bhamidipati" <vijayendra.bhamidip...@citrix.com>
Subject Re: Review Request: Make SHA256Salt the default password encoding and authentication mechanism for cloudstack
Date Tue, 02 Apr 2013 05:42:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10039/
-----------------------------------------------------------

(Updated April 2, 2013, 5:42 a.m.)


Review request for cloudstack, Hugo Trippaers, Kelven Yang, and Min Chen.


Changes
-------

Attaching latest diffs on top of master, incorporating changes suggested by Min.


Description
-------

Changing default password encoding mechanism from MD5 to SHA256Salted.


This addresses bug CS-1734.


Diffs (updated)
-----

  api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java 89673ea 
  api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java fb29e1a 
  api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java 1f31662 
  client/tomcatconf/applicationContext.xml.in 636eac2 
  client/tomcatconf/componentContext.xml.in fea1d0f 
  client/tomcatconf/nonossComponentContext.xml.in 0b02eb6 
  developer/developer-prefill.sql 6300d35 
  plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java 61eebe5

  plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java 026125e

  plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
52e7cb3 
  plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
1b29f69 
  server/src/com/cloud/server/ManagementServerImpl.java d0904e1 
  server/src/com/cloud/user/AccountManagerImpl.java 40db4ed 

Diff: https://reviews.apache.org/r/10039/diff/


Testing
-------

Manual testing done for both oss and nonoss components. Both admin and users added later are
encoded according to the scheme configured, and authenticated by the same scheme.

To change the order of the schemes, modify the following list properties in client/tomcatconf/nonossComponentContext.xml.in
or client/tomcatconf/componentContext.xml.in as applicable, to the desired order:

    <property name="UserAuthenticators">
         <list>
            <ref bean="SHA256SaltedUserAuthenticator"/>
            <ref bean="MD5UserAuthenticator"/>
            <ref bean="LDAPUserAuthenticator"/>
            <ref bean="PlainTextUserAuthenticator"/>
        </list>
    </property>

    <property name="UserPasswordEncoders">
        <list>
            <ref bean="SHA256SaltedUserAuthenticator"/>
             <ref bean="MD5UserAuthenticator"/>
             <ref bean="LDAPUserAuthenticator"/>
            <ref bean="PlainTextUserAuthenticator"/>
         </list>


Thanks,

Venkata Siva Vijayendra Bhamidipati


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message