cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vijayendra Bhamidipati <vijayendra.bhamidip...@citrix.com>
Subject RE: [Doc] Default Password Encoding Mechanism, SHA256Salt, Doc for Review
Date Sun, 18 Aug 2013 00:20:36 GMT
Hi Radhika,

A few corrections need to be made:

1)

"A new configurable list called UserPasswordEncoders to allow you to separately configure
the order of preference for encoding and authentication schemes."

Please change the above line to:

"Two new configurable lists have been introduced - userPasswordEncoders to allow you to configure
the order of preference for encoding passwords, and userAuthenticators to allow you to configure
the order in which authentication schemes are invoked to validate user passwords".


2)
"Additionally, plain text user authenticator has been changed to use SHA256SALT as the default
encoding algorithm because it is more secure compared to MD5 hashing."

Please change the above line to:

"Additionally, the plain text user authenticator has been modified not to convert supplied
passwords to their md5 sums before checking them with the db entries."


3)
When I had checked in the code for this feature as part of commit # 2dbdc46337be375940441ac4b41f95f25bbbf21d,
I had defined the above lists in applicationContext.xml, instead of having them separately
defined in both componentContext.xml and nonossComponentContext.xml - but they've been moved
back into these files, so now the explanation should explicitly state that if nonoss components
like vmware environments are to be deployed, the userPasswordEncoders and userAuthenticators
lists need to be modified in the nonossComponentContext.xml file, or otherwise, for oss environments
like XenServer or KVM etc, the ComponentContext.xml file. Please add a sentence or two to
this effect after this sentence: "The order of authentication schemes is determined by the
UserAuthenticators property in the same files." Please also add that it is recommended to
make uniform changes across both files. Please also make changes to the other sentences that
refer to either of these files, accordingly.


Rest all looks good.


Thanks!
Regards,
Vijay.

From: Radhika Puthiyetath
Sent: Thursday, August 08, 2013 1:52 AM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org; Vijayendra Bhamidipati; Sudha
Ponnaganti
Subject: [Doc] Default Password Encoding Mechanism, SHA256Salt, Doc for Review

Hi,

Default Password Encoding Mechanism, SHA256Salt, Doc is ready for review. The doc is attached
at https://issues.apache.org/jira/browse/CLOUDSTACK-1815.

Please provide your feedback.


Regards
-Radhika



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message