incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Kluge <Kevin.Kl...@citrix.com>
Subject RE: user credntials
Date Mon, 30 Apr 2012 16:00:12 GMT
This means the client has to figure out whether to send MD5 hash or cleartext on a per-cloud
basis.  That seems unreasonable.

Why don't we just send plain text passwords and expect the use of SSL?   We'd have to add
a new parameter and deprecate the current MD5 hash password.

-kevin

> -----Original Message-----
> From: Will Chan
> Sent: Saturday, April 28, 2012 4:39 PM
> To: cloudstack-dev@incubator.apache.org; Kevin Kluge
> Subject: RE: user credntials
> 
> The service provider (or whomever is hosting CloudStack) needs to make
> that decision.  Using the default CS installation, we default to the
> MD5UserAuthenticator which requires passwords passed to the login
> command to be MD5 hashed.  This got changed to plain-text in 3.0 and must
> be reverted back to MD5 in 3.0.2 when the upgrade patch is released or
> anyone upgrading could get affected.
> 
> If the service/hosting provider wants to use a different hashing algorithm -
> OR- none, he can create or configure CS to use that adapter.  However, they
> are responsible for informing their customer.
> 
> Will
> 
> ________________________________________
> From: Abhinandan Prateek [Abhinandan.Prateek@citrix.com]
> Sent: Saturday, April 28, 2012 3:28 PM
> To: Kevin Kluge; cloudstack-dev@incubator.apache.org
> Subject: RE: user credntials
> 
> The use of plaintext passwords in API is required for only those cloudstack
> users who wish to use an external authentication mechanism and will be
> documented.
> The support for the encoded password has to be kept as is due to existing
> users of cloudstack.
> 
> 
> -----Original Message-----
> From: Kevin Kluge
> Sent: Sunday, April 29, 2012 1:09 AM
> To: Abhinandan Prateek; cloudstack-dev@incubator.apache.org
> Subject: RE: user credntials
> 
> How would an API client know to use cleartext or MD5 hash?
> 
> 
> > -----Original Message-----
> > From: Abhinandan Prateek
> > Sent: Saturday, April 28, 2012 7:56 AM
> > To: Kevin Kluge; cloudstack-dev@incubator.apache.org
> > Subject: RE: user credntials
> >
> > In 2.2.* we were passing MD5 encoded password via UI. For Acton it
> > changed to unencrypted password as that was the only way to have
> > external systems to authenticate cloudstack users for example external
> LDAP.
> > This is being reverted back to MD5 encoded password in 3.0.2 as it
> > was. It will be left to the admin to configure this encryption
> > mechanism in case LDAP is in use.
> >
> > -Abhi
> >
> > -----Original Message-----
> > From: Kevin Kluge
> > Sent: Saturday, April 28, 2012 8:16 PM
> > To: Abhinandan Prateek; cloudstack-dev@incubator.apache.org
> > Subject: RE: user credntials
> >
> > Abhi, is this a backwards incompatible API change?   Also, what does it
> mean
> > for upgrade?
> >
> > I thought we always sent MD5 hashed passwords from UI to MS.  Can you
> > explain the change a bit more?
> >
> > -kevin
> >
> > > -----Original Message-----
> > > From: Abhinandan Prateek
> > > Sent: Saturday, April 28, 2012 12:14 AM
> > > Subject: user credntials
> > >
> > > Team,
> > >    There has been a change in the way passwords are being passed
> > > from the cloudstack UI.  In case you have difficulty login with the
> > > new 3.* build, clear your browser cache. If you are using API to
> > > login then you need to provide
> > > MD5 encrypted passwords to login instead of plaintext. In case you
> > > still have issues drop me an email.
> > > -Abhi

Mime
View raw message