directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r908162 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/6-implementing-interceptor.html
Date Tue, 06 May 2014 07:14:20 GMT
Author: buildbot
Date: Tue May  6 07:14:20 2014
New Revision: 908162

Staging update by buildbot for directory

    websites/staging/directory/trunk/content/   (props changed)

Propchange: websites/staging/directory/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Tue May  6 07:14:20 2014
@@ -1 +1 @@

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html
Tue May  6 07:14:20 2014
@@ -195,7 +195,7 @@ Password hash. A simple interceptor</p>
 <p>In order to build it, simply check it out and type "mvn install".
 Implementing the class PasswordHashInterceptor</p>
 <p>The following UML class diagram depicts the structure of the little example. Classes
in white are given by Apache Directory Server as extension points. The two gray classes comprise
the example interceptor.</p>
-<p><a href="passwordHashInterceptor_UML.png"></a></p>
+<p><a href="images/passwordHashInterceptor_UML.png">Password Hash Interceptor
UML diagram</a></p>
 <p>The class HashTools contains two simple methods w.r.t. hashing. isAlreadyHashed
detects whether a value has already been hashed with a known message digest algorithm. applyHashAlgorithm
applies a hash algorithm to a sequence of bytes. See the source code and the unit tests of
this class for details, it has not that much to do with the interceptor stuff.</p>
 <p>The central class is PasswordHashInterceptor. Every interceptor has to implement
the Interceptor interface from package PasswordHashInterceptor
does so by extended the convenience class BaseInterceptor from the same package.</p>
 <p>The property hashAlgorithm allows to configure the alhorithm used for hashing the
passwords. It defaults to MD5 (Message-Digest algorithm 5). The property passwordAttributeName
allows configuration of the attribute type which stores the user password. Its value will
be hashed if needed. The property defaults to "userPassword", which is quite common and used
for instance in the inetOrgPerson object class.</p>
@@ -374,11 +374,11 @@ Adding it to a standard server installat
 <p>Then we add a new attribute userPassword in the entry editor. For the value, a special
editor appears:</p>
-<p><a href="passwordHashInterceptor_passwordEditor.png"></a></p>
+<p><a href="images/passwordHashInterceptor_passwordEditor.png"></a></p>
 <p>Select "Plaintext" as the hash method and enter a new password. We selected "secret"
(see screen shot above). After pressing OK, a modify operation is sent to the server, which
will be intercepted by our example class.</p>
-<p><a href="passwordHashInterceptor_modificationLog.png"></a></p>
+<p><a href="images/passwordHashInterceptor_modificationLog.png"></a></p>
 <p>After that, the value for userPassword is not "secret", but the MD5 digested value
of it.</p>
-<p><a href="passwordHashInterceptor_entryEditor.png"></a></p>
+<p><a href="images/passwordHashInterceptor_entryEditor.png"></a></p>
 <p>The user Kate Bush is still capable of authenticating with the password "secret",
because Apache Directory Server supports authentication with passwords hashed with this algorithm.
You can verify this by connecting with Studio and the using "cn=Kate Bush,ou=users,ou=system"
as bind DN.</p>
 <p>Here it is demonstrated with the help of the ldapsearch command line tool. The result
also shows that the userPassword value is hashed with MD5.</p>
 <div class="codehilite"><pre>$ <span class="n">ldapsearch</span>
<span class="o">-</span><span class="n">h</span> <span class="n">localhost</span>
<span class="o">-</span><span class="n">p</span> 10389 <span class="o">-</span><span
class="n">D</span> &quot;<span class="n">cn</span><span class="p">=</span><span
class="n">Kate</span> <span class="n">Bush</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">users</span><span
class="p">,</span><span class="n">ou</span><span class="p">=</span><span
class="n">system</span>&quot; <span class="o">\\</span>

View raw message