geronimo-dev mailing list archives

From Dain Sundstrom <dsundst...@gluecode.com>
Subject Re: [jira] Commented: (GERONIMO-411) Add Hash Password Rewrite to File Realm
Date Mon, 01 Nov 2004 19:01:52 GMT
I think we should have a gpasswd tool that can set a password, add
accounts, remove them, etc., and it would work with all the realms we
provide.  Basically PAM for G.

-dain

--
Dain Sundstrom
Chief Architect
Gluecode Software
310.536.8355, ext. 26

On Nov 1, 2004, at 10:41 AM, Aaron Mulder (JIRA) wrote:

> [ http://nagoya.apache.org/jira/browse/GERONIMO-411?page=comments#action_54897 ]
>
> Aaron Mulder commented on GERONIMO-411:
> ---------------------------------------
>
> I don't like requiring entries to be hashed to begin with, because
> then you need a tool to edit the file.  In my experience, it's nicer
> to put plain text in the file and let the server replace that with the
> hashed version.
>
> But... if we were not going to rewrite, but we still want hashes, then  
> I think we need to provide a tool to add or update entries in the  
> file, so you still get everything you need in the Geronimo download.   
> Some products just have you use htpasswd, but I don't like that  
> approach much (and I thought that used crypt instead of MD5 anyway,  
> though I don't really know).
>
> What is it about rewriting that bothers you?
>
>
>> Add Hash Password Rewrite to File Realm
>> ---------------------------------------
>>
>>          Key: GERONIMO-411
>>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-411
>>      Project: Apache Geronimo
>>         Type: Improvement
>>   Components: security
>>     Versions: 1.0-M2
>>     Reporter: Aaron Mulder
>>     Priority: Minor
>
>>
>> It would be nice if the properties file realm could rewrite your  
>> properties file with hashed passwords when it reads it.  We would  
>> need to be able to recognize hashed vs. unhashed entries and perhaps  
>> even different algorithms.  Perhaps it could go like this:
>> user1=plaintext
>> user2=MD5{...}
>> user3=SHA1{...}
>> Anyway, the idea is that this could be a reasonably secure  
>> alternative, but you still wouldn't need to manually hash things to  
>> add or update entries -- just put a plain text entry in and the next  
>> time the server reads the file it would hash it for you.
>> I guess we'd need to synchronize on the hash operation to avoid  
>> threading problems if multiple apps or whatever use the same  
>> properties file, but it shouldn't be bad if we only rewrite the file  
>> if we find any plain text entries.
>
> -- 
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
>    http://nagoya.apache.org/jira/secure/Administrators.jspa
> -
> If you want more information on JIRA, or have a bug to report see:
>    http://www.atlassian.com/software/jira
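
The rewrite-on-read idea from the quoted GERONIMO-411 description, as an added example that is not part of the thread and is not Geronimo code: recognise ALG{...} entries, hash anything else, and replace the file only when a plain text entry was found. The class and method names are hypothetical, and hex inside the braces is an assumption, since the issue leaves the encoding as "...".

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;
import java.util.regex.Pattern;

public class HashRewriteSketch {            // hypothetical name, not a Geronimo class
    // An entry counts as hashed if it looks like ALG{hex}. Hex is an assumption.
    // A plain text password of exactly this shape would be mistaken for a hash.
    private static final Pattern HASHED = Pattern.compile("^(MD5|SHA1)\\{[0-9a-f]+\\}$");

    static String hash(String alg, String plain) throws NoSuchAlgorithmException {
        String jca = alg.equals("SHA1") ? "SHA-1" : alg;   // map file label to JCA name
        byte[] d = MessageDigest.getInstance(jca).digest(plain.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(alg).append('{');
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.append('}').toString();
    }

    // Returns true if the file was rewritten. synchronized serialises rewrites
    // inside one JVM, the threading concern raised in the issue.
    static synchronized boolean rewriteIfNeeded(Path file, String alg)
            throws IOException, NoSuchAlgorithmException {
        List<String> out = new ArrayList<>();
        boolean changed = false;
        for (String line : Files.readAllLines(file, StandardCharsets.UTF_8)) {
            int eq = line.indexOf('=');
            if (line.startsWith("#") || eq < 1) { out.add(line); continue; } // comment or blank
            String user = line.substring(0, eq), value = line.substring(eq + 1);
            if (HASHED.matcher(value).matches()) { out.add(line); continue; } // already hashed
            out.add(user + "=" + hash(alg, value));
            changed = true;
        }
        if (!changed) return false;          // no plain text entries: leave the file untouched
        // Write a sibling temp file and rename it over the original, so a reader
        // never sees a half-written file.
        Path tmp = Files.createTempFile(file.toAbsolutePath().getParent(), "users", ".tmp");
        Files.write(tmp, out, StandardCharsets.UTF_8);
        Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        return true;
    }

    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("users", ".properties");   // constructed sample file
        Files.write(f, Arrays.asList("user1=plaintext", "user2=MD5{" + "0".repeat(32) + "}"),
                StandardCharsets.UTF_8);
        System.out.println(rewriteIfNeeded(f, "SHA1"));  // first read hashes user1
        System.out.println(Files.readAllLines(f));
        System.out.println(rewriteIfNeeded(f, "SHA1"));  // second read finds nothing to do
    }
}
```

MD5 and SHA1 here are the labels from the issue and are unsalted, so identical passwords produce identical entries; the same prefix scheme can carry a salted, iterated algorithm under another label.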

