incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Spicar (JIRA)" <j...@apache.org>
Subject [jira] Updated: (CLEREZZA-421) Support for multiple user password encryptions
Date Thu, 17 Feb 2011 16:22:24 GMT

     [ https://issues.apache.org/jira/browse/CLEREZZA-421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Spicar updated CLEREZZA-421:
-----------------------------------

    Attachment:     (was: patch-CLEREZZA-421.diff)

> Support for multiple user password encryptions
> ----------------------------------------------
>
>                 Key: CLEREZZA-421
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-421
>             Project: Clerezza
>          Issue Type: New Feature
>            Reporter: Daniel Spicar
>         Attachments: patch-CLEREZZA-421.diff
>
>
> We have an issue when we import users from a different system to clerezza. The users
have passwords encrypted in SSHA (not SHA-1 as clerezza uses). We do not have their clear-text
passwords.
> Now I wonder how would you best enable clerezza to support logins with different password
encoding methods. Most likely a single user will only use one encoding but different users
can have different encodings. 
> I have seen you have WeightedAutenicationMethod services. But if I interpret this correctly
it won't solve my issue. I assume I am looking for a way to register multiple AutenticationChecker
services such that passwords can be checked against more than one of them. I don't see this
implemented so far.
> Some questions with this would be:
> - do we simply add new properties for differently encoded passwords (passwordSsha, passwordSha1,
...) or do we change the ontology so a password resource contains both, the encrypted string
as a literal and a uri designating the password encoding method?
> - can the user have more than one such password resources (the password encoded in multiple
encryption methods)?
> - how to update user passwords? (e.g. delete all passwords and add a new one in the default
encoding of the platform) 
> I could provide a patch for this issue but we should define how we want to resolve it
first.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message