cloudstack-dev mailing list archives

From Ove Ewerlid <Ove.Ewer...@oracle.com>
Subject Re: Review Request: Added PlainTextAuthenticator
Date Thu, 16 May 2013 22:06:34 GMT

On 05/16/2013 10:55 PM, Chip Childers wrote:
>> For those moving from 2.2.x, 3.0.x, 4.0 to 4.1:
>> 1. We remove the incorrect auth mechanism and put in the right fix of
>> encoding at the server and not doing any UI magic.
>> 2. We correct the API docs and other docs to indicate the user to send
>> in plaintext so clients can adjust to the change.
>> 3. We describe this migration situation as Ove encountered and how it
>> can be corrected without any change using the plaintext authenticator.
>>
>> I hope that this is fixed right and at the same time it doesn't break
>> backwards compatibility which is the solution that Kishan is proposing
>> and I'd recommend too.
>
> Well said Prasanna.  I follow now.
>
> So I'll pull in the patch.  What's missing though, is an update to the
> release notes that describes the situation.
>
> If someone wants to add that, then we can proceed with closing the bug
> IMO.  If someone simply wants to write it into an email, I'll add it to
> the release notes XML file if you want.
>
> Let's keep the bug open until we get it documented though...
>
> -chip
>

+1

I was baffled by the fact that the server side authentication process up
until now did not expect plain text passwords; that had me confused about
what Kishan was communicating. From my point of view, fixing this design
flaw is a must and motivates the user provisioning breakage, and an
improved hash with salt adds additional icing. All is good.

For migration and provisioning scenarios requiring adding hashes 
directly, there is always direct DB access.

/Ove


-- 
Ove Everlid
System Administrator / Architect / SDN & Linux hacker
Mobile: +46706662363
Office: +4618656913 (note EMEA Time Zone)
