sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SLING-8726) RepoInit: documentation implies that users can be created with pw-hash
Date Mon, 23 Sep 2019 09:36:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-8726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935688#comment-16935688
] 

angela commented on SLING-8726:
-------------------------------

[~rombert], since you recently updated the repo-init documentation, you may also want to look
into this one....

> RepoInit: documentation implies that users can be created with pw-hash
> ----------------------------------------------------------------------
>
>                 Key: SLING-8726
>                 URL: https://issues.apache.org/jira/browse/SLING-8726
>             Project: Sling
>          Issue Type: Bug
>          Components: Documentation
>            Reporter: angela
>            Priority: Major
>
> the documentation for repo init contains the following example on line 171:
> {code}
>     create user demoUser with password {SHA-256} dc460da4ad72c482231e28e688e01f2778a88ce31a08826899d54ef7183998b5
> {code}
> this implies that repo init allows to create a user with a pw-hash. however, this is
not the case, when looking at the corresponding code in {{o.a.s.jcr.repoinit}}, which ultimately
calls {{UserManager.createUser(id, pw, principal, intermediatePath}}, which takes a plain
text password (any string or null). if and how the pw is being hashed is an implementation
detail.
> in order to make this clear and no generate the impression that a pw-hash can be specified,
i would suggest to change the example to
> {code}
>     create user demoUser with password plaintextpw
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message