Hi,
First, yes this is implemented.
Second, the SecretKey is actually generated per user when he is using the
Artifactory Web UI. I mean that the password is used to authenticate the
user against LDAP, then when going to the user profile page the user can
"Unlock" his password using it's personal private key with the same
password. Artifactory never store the LDAP password, just the pair
private/public key used to decrypt the grabbled text used by the user in the
settings.xml and encrypt is clear text password in the UI.
Is that clear? :)
HTH,
Fred.
On Sat, Nov 14, 2009 at 12:51 AM, bman <[email protected]> wrote:
>
> Howdy,
>
> According to the original feature request for encrypted passwords
> (http://issues.jfrog.org/jira/browse/RTFACT-1191), the admin user should
> be
> able to set the key value:
> The basic concept is to allow an admin user the ability (via Web UI) to set
> a secret key value (javax.crypto.SecretKey) to be used for encrypting users
> passwords. Once the secret key has been set, the normal user would use the
> Web UI to input his password and then generate the encrypted (Triple DES?)
> version of the password. The user would then cut-and-paste the encrypted
> string into the settings.xml file.
> Was this part implemented? If so, how does one go about doing this?
>
> Otherwise, how is the key set and what security controls are around the
> key?
>
> We are integrating with LDAP, so we just want to be sure our domain
> credentials are well protected.
>
> Thanks,
> Barry
> --
> View this message in context:
> http://old.nabble.com/Encrypted-Passwords-tp26344800p26344800.html
> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Artifactory-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
--
Co. Founder and Chief Architect
JFrog Ltd
http://www.jfrog.org/
http://twitter.com/freddy33
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
