cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-1734) Make SHA256Salt default password encoding mechanism
Date Wed, 03 Apr 2013 01:04:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-1734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620467#comment-13620467
] 

ASF subversion and git services commented on CLOUDSTACK-1734:
-------------------------------------------------------------

Commit 2dbdc46337be375940441ac4b41f95f25bbbf21d in branch refs/heads/master from [~vijayendrabvs]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=2dbdc46 ]

CLOUDSTACK-1734: Make SHA1 default password encoding mechanism

Description:

	Making SHA256SALT the default encoding algorithm to encode
	passwords when creating/updating users.

	Introducing a new configurable list to allow admins to
	separately configure the order of preference for encoding
	and authentication schemes.

	Since passwords are now sent by clients as clear text,
	fixing the Plain text authenticator to check against the
	password passed in rather than its md5 digest.

                
> Make SHA256Salt default password encoding mechanism
> ---------------------------------------------------
>
>                 Key: CLOUDSTACK-1734
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1734
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Cloudstack generic
>            Reporter: Venkata Siva Vijayendra Bhamidipati
>            Assignee: Venkata Siva Vijayendra Bhamidipati
>             Fix For: 4.2.0
>
>
> Currently MD5 is the default password encoding mechanism during user creation and updation.
Make SHA1 the default, using the recently added SHA256SALTUserAuthenticator.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message