cloudstack-dev mailing list archives

From Kishan Kavala <Kishan.Kav...@citrix.com>
Subject RE: Review Request: Added PlainTextAuthenticator
Date Thu, 16 May 2013 12:16:32 GMT
Ove,
  Plain text authenticator will allow logging in using the hash value. Or else, clients sending
MD5 hash will fail to log in. This is primarily for backward compatibility.
To avoid logging in using the hash value itself, plain text authenticator can be removed from auth
adapter list, provided the client sends plain text instead of hash.

~kishan

> -----Original Message-----
> From: Ove Ewerlid [mailto:Ove.Ewerlid@oracle.com]
> Sent: Thursday, 16 May 2013 5:33 PM
> To: dev@cloudstack.apache.org; Kishan Kavala
> Subject: Re: Review Request: Added PlainTextAuthenticator
> 
> Hi Kishan!
> 
> Did you verify that adding the plain text authenticator will not allow login
> using the hash value itself?
> 
> 
> from AccountManagerImpl.java;
>   ... getUserAccount ...
>   ...
>   boolean authenticated = false;
>   for (UserAuthenticator authenticator : _userAuthenticators) {
>       if (authenticator.authenticate(username, password, domainId, requestParameters)) {
>           authenticated = true;
>           break;
>       }
>   }
>   ...
> 
> /Ove
> 
> On 05/16/2013 12:39 PM, Kishan Kavala wrote:
> >
> > -----------------------------------------------------------
> > This is an automatically generated e-mail. To reply, visit:
> > https://reviews.apache.org/r/11194/
> > -----------------------------------------------------------
> >
> > Review request for cloudstack and Chip Childers.
> >
> >
> > Summary (updated)
> > -----------------
> >
> > Added PlainTextAuthenticator
> >
> >
> > Description (updated)
> > -------
> >
> > Added PlainTextAuthenticator for backward compatibility. Removed MD5 auth from PlainTextAuthenticator. It just does plain text compare.
> >
> >
> > This addresses bug CLOUDSTACK-2516.
> >
> >
> > Diffs (updated)
> > -----
> >
> >    client/tomcatconf/applicationContext.xml.in 849c0bc
> >    client/tomcatconf/componentContext.xml.in ecd4a11
> >    plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java 52e7cb3
> >
> > Diff: https://reviews.apache.org/r/11194/diff/
> >
> >
> > Testing (updated)
> > -------
> >
> > Tested login with password sent as both MD5 hash and plaintext
> >
> >
> > Thanks,
> >
> > Kishan Kavala
> >
> >
> 
> 
> --
> Ove Everlid
> System Administrator / Architect / SDN & Linux hacker
> Mobile: +46706662363
> Office: +4618656913 (note EMEA Time Zone)
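
The first-success-wins loop quoted above, as an added Java sketch that is not CloudStack code and not part of either message: it shows how a plain-compare authenticator in the chain changes which submitted values are accepted. Assumptions: the interface is reduced to two arguments, the store holds the MD5 hex of the password, and the account, password and class names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;

public class AuthChainDemo {
    // Simplified stand-in for the UserAuthenticator interface (assumption: two arguments only).
    interface UserAuthenticator { boolean authenticate(String username, String password); }

    static String md5Hex(String s) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Constructed sample account store: username -> MD5 hex of the password (assumed storage format).
    static final Map<String, String> STORED = Map.of("alice", md5Hex("s3cret"));

    // Constant-time string comparison; a missing account never matches.
    static boolean sameString(String a, String b) {
        return a != null && b != null && MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Hashes what the client sent, then compares with the stored hash.
    static final UserAuthenticator MD5 = (u, p) -> sameString(STORED.get(u), md5Hex(p));
    // Compares what the client sent with the stored value as-is.
    static final UserAuthenticator PLAIN = (u, p) -> sameString(STORED.get(u), p);

    // Same first-success-wins loop as the quoted getUserAccount excerpt.
    static boolean login(List<UserAuthenticator> chain, String username, String password) {
        for (UserAuthenticator authenticator : chain) {
            if (authenticator.authenticate(username, password)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String[] submitted = { "s3cret", md5Hex("s3cret"), "wrong" };
        for (String p : submitted) {
            System.out.printf("%-32s md5+plain=%-5b md5-only=%b%n", p,
                    login(List.of(MD5, PLAIN), "alice", p), login(List.of(MD5), "alice", p));
        }
    }
}
```

With both authenticators in the chain, the plaintext password and the stored hash are both accepted; with the MD5 authenticator alone, only the plaintext password is, so clients that pre-hash stop working.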