Review Request: Make SHA256Salt the default password encoding and authentication mechanism for cloudstack

Tue, 19 Mar 2013 22:03:34 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10039/
-----------------------------------------------------------

Review request for cloudstack and Kelven Yang.


Description
-------

Changing default password encoding mechanism from MD5 to SHA256Salted.


This addresses bug CS-1734.


Diffs
-----

  api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java 
89673ea 
  api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java 
fb29e1a 
  api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java 
1f31662 
  client/tomcatconf/componentContext.xml.in 016df0a 
  client/tomcatconf/nonossComponentContext.xml.in 8f8dae5 
  developer/developer-prefill.sql 6300d35 
  
plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java
 61eebe5 
  
plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
 026125e 
  
plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
 52e7cb3 
  
plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
 1b29f69 
  server/src/com/cloud/server/ManagementServerImpl.java b689f93 
  server/src/com/cloud/user/AccountManagerImpl.java b69f314 

Diff: https://reviews.apache.org/r/10039/diff/


Testing
-------

Manual testing done for both oss and nonoss components. Both admin and users 
added later are encoded according to the scheme configured, and authenticated 
by the same scheme.

To change the order of the schemes, modify the following list properties in 
client/tomcatconf/nonossComponentContext.xml.in or 
client/tomcatconf/componentContext.xml.in as applicable, to the desired order:

    <property name="UserAuthenticators">
         <list>
            <ref bean="SHA256SaltedUserAuthenticator"/>
            <ref bean="MD5UserAuthenticator"/>
            <ref bean="LDAPUserAuthenticator"/>
            <ref bean="PlainTextUserAuthenticator"/>
        </list>
    </property>

    <property name="UserPasswordEncoders">
        <list>
            <ref bean="SHA256SaltedUserAuthenticator"/>
             <ref bean="MD5UserAuthenticator"/>
             <ref bean="LDAPUserAuthenticator"/>
            <ref bean="PlainTextUserAuthenticator"/>
         </list>


Thanks,

Venkata Siva Vijayendra Bhamidipati

Reply via email to