This means the client has to figure out whether to send MD5 hash or cleartext on a per-cloud basis. That seems unreasonable.
Why don't we just send plain text passwords and expect the use of SSL? We'd have to add a new parameter and deprecate the current MD5 hash password.

-kevin

> -----Original Message-----
> From: Will Chan
> Sent: Saturday, April 28, 2012 4:39 PM
> To: cloudstack-dev@incubator.apache.org; Kevin Kluge
> Subject: RE: user credntials
>
> The service provider (or whomever is hosting CloudStack) needs to make
> that decision. Using the default CS installation, we default to the
> MD5UserAuthenticator which requires passwords passed to the login
> command to be MD5 hashed. This got changed to plain-text in 3.0 and must
> be reverted back to MD5 in 3.0.2 when the upgrade patch is released or
> anyone upgrading could get affected.
>
> If the service/hosting provider wants to use a different hashing
> algorithm -OR- none, he can create or configure CS to use that adapter.
> However, they are responsible for informing their customer.
>
> Will
>
> ________________________________________
> From: Abhinandan Prateek [abhinandan.prat...@citrix.com]
> Sent: Saturday, April 28, 2012 3:28 PM
> To: Kevin Kluge; cloudstack-dev@incubator.apache.org
> Subject: RE: user credntials
>
> The use of plaintext passwords in API is required for only those
> cloudstack users who wish to use an external authentication mechanism
> and will be documented.
> The support for the encoded password has to be kept as is due to
> existing users of cloudstack.
>
> -----Original Message-----
> From: Kevin Kluge
> Sent: Sunday, April 29, 2012 1:09 AM
> To: Abhinandan Prateek; cloudstack-dev@incubator.apache.org
> Subject: RE: user credntials
>
> How would an API client know to use cleartext or MD5 hash?
>
> > -----Original Message-----
> > From: Abhinandan Prateek
> > Sent: Saturday, April 28, 2012 7:56 AM
> > To: Kevin Kluge; cloudstack-dev@incubator.apache.org
> > Subject: RE: user credntials
> >
> > In 2.2.* we were passing MD5 encoded password via UI. For Acton it
> > changed to unencrypted password as that was the only way to have
> > external systems to authenticate cloudstack users for example
> > external LDAP.
> > This is being reverted back to MD5 encoded password in 3.0.2 as it
> > was. It will be left to the admin to configure this encryption
> > mechanism in case LDAP is in use.
> >
> > -Abhi
> >
> > -----Original Message-----
> > From: Kevin Kluge
> > Sent: Saturday, April 28, 2012 8:16 PM
> > To: Abhinandan Prateek; cloudstack-dev@incubator.apache.org
> > Subject: RE: user credntials
> >
> > Abhi, is this a backwards incompatible API change? Also, what does it
> > mean for upgrade?
> >
> > I thought we always sent MD5 hashed passwords from UI to MS. Can you
> > explain the change a bit more?
> >
> > -kevin
> >
> > > -----Original Message-----
> > > From: Abhinandan Prateek
> > > Sent: Saturday, April 28, 2012 12:14 AM
> > > Subject: user credntials
> > >
> > > Team,
> > > There has been a change in the way passwords are being passed
> > > from the cloudstack UI. In case you have difficulty logging in with
> > > the new 3.* build, clear your browser cache. If you are using API to
> > > login then you need to provide MD5 encrypted passwords to login
> > > instead of plaintext. In case you still have issues drop me an email.
> > > -Abhi