cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-1734) Make SHA256Salt default password encoding mechanism
Date Wed, 03 Apr 2013 04:45:15 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-1734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620600#comment-13620600
] 

ASF subversion and git services commented on CLOUDSTACK-1734:
-------------------------------------------------------------

Commit 6af3d763cd3518ac494e40efc4cf29e53eb5c828 in branch refs/heads/internallb from [~vijayendrabvs]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=6af3d76 ]

CLOUDSTACK-1734: Make SHA1 default password encoding mechanism

Description:

	Making SHA256SALT the default encoding algorithm to encode
	passwords when creating/updating users.

	Introducing a new configurable list to allow admins to
	separately configure the order of preference for encoding
	and authentication schemes.

	Since passwords are now sent by clients as clear text,
	fixing the Plain text authenticator to check against the
	password passed in rather than its md5 digest.

                
> Make SHA256Salt default password encoding mechanism
> ---------------------------------------------------
>
>                 Key: CLOUDSTACK-1734
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1734
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Cloudstack generic
>            Reporter: Venkata Siva Vijayendra Bhamidipati
>            Assignee: Venkata Siva Vijayendra Bhamidipati
>             Fix For: 4.2.0
>
>
> Currently MD5 is the default password encoding mechanism during user creation and updation.
Make SHA1 the default, using the recently added SHA256SALTUserAuthenticator.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message