Thanks Fred! This helps a lot, but I still have some questions. So does this mean that the private key is stored on the user's machine, and the public key is stored on the server? What do you mean by "encrypt is clear text password in the UI?" Is the encryption method Triple DES as mentioned in the Jira request?
Thanks,
Barry

freddy33 wrote:
>
> Hi,
>
> First, yes this is implemented.
> Second, the SecretKey is actually generated per user when he is using the
> Artifactory Web UI. I mean that the password is used to authenticate the
> user against LDAP, then when going to the user profile page the user can
> "Unlock" his password using its personal private key with the same
> password. Artifactory never stores the LDAP password, just the pair
> private/public key used to decrypt the garbled text used by the user in the
> settings.xml and encrypt is clear text password in the UI.
>
> Is that clear? :)
>
> HTH,
> Fred.
>
> On Sat, Nov 14, 2009 at 12:51 AM, bman <[email protected]> wrote:
>
>> Howdy,
>>
>> According to the original feature request for encrypted passwords
>> (http://issues.jfrog.org/jira/browse/RTFACT-1191), the admin user should be
>> able to set the key value:
>> The basic concept is to allow an admin user the ability (via Web UI) to set
>> a secret key value (javax.crypto.SecretKey) to be used for encrypting users
>> passwords. Once the secret key has been set, the normal user would use the
>> Web UI to input his password and then generate the encrypted (Triple DES?)
>> version of the password. The user would then cut-and-paste the encrypted
>> string into the settings.xml file.
>> Was this part implemented? If so, how does one go about doing this?
>>
>> Otherwise, how is the key set and what security controls are around the
>> key?
>>
>> We are integrating with LDAP, so we just want to be sure our domain
>> credentials are well protected.
>>
>> Thanks,
>> Barry
>> --
>> View this message in context:
>> http://old.nabble.com/Encrypted-Passwords-tp26344800p26344800.html
>> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> trial. Simplify your report design, integration and deployment - and focus on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Artifactory-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
> --
> Co. Founder and Chief Architect
> JFrog Ltd
> http://www.jfrog.org/
> http://twitter.com/freddy33

--
View this message in context: http://old.nabble.com/Encrypted-Passwords-tp26344800p26505325.html
