This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 3f3b4a0636b75a08360c30620ed4d61affb9a3ae Author: Colm O hEigeartaigh <cohei...@users.noreply.github.com> AuthorDate: Wed May 26 07:42:57 2021 +0100 Updating the docs to make it clear that SHA1 is not the default algorithm anymore for the admin password (#267) --- src/main/asciidoc/getting-started/movingForward.adoc | 2 +- .../systemadministration/configurationparameters.adoc | 2 +- .../systemadministration/setadmincredentials.adoc | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index 1834986..e67373a 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc @@ -34,7 +34,7 @@ various security properties have been changed to values specific to your deploym The following values must be changed from the defaults in the `security.properties` file: -* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value of which is "password". +* *adminPassword* - The cleartext password as encoded per the "adminPasswordAlgorithm" value (SSHA256 by default), the default value of which is "password". * *secretKey* - The secret key value used for AES ciphering. Only required if either: ** the value for "*adminPasswordAlgorithm*" is "AES" or ** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration Parameters" of diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc index 5aa46a5..5dedb84 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc 
@@ -26,7 +26,7 @@ barely invoking the REST layer through http://curl.haxx.se/[curl^]: algorithms include `SHA-1`, `SHA-256`, `SHA-512`, `AES`, `S-MD5`, `S-SHA-1`, `S-SHA-256`, `S-SHA-512` and `BCRYPT`; salting options are available in the `security.properties` file; [WARNING] -The value of the `secretKey` property in the `security.properties` file is used for AES-based encryption / decription. +The value of the `secretKey` property in the `security.properties` file is used for AES-based encryption / decryption. Besides password values, this is also used whenever reversible encryption is needed, throughout the whole system. + When the `secretKey` value has length less than 16, it is right-padded by random characters during startup, to reach such mininum value. + diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc index 7a77099..9618da2 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/setadmincredentials.adoc @@ -25,8 +25,8 @@ The credentials are defined in the `security.properties` file; text encoding mus * `adminUser` - administrator username (default `admin`) * `adminPassword` - administrator password (default `password`)'s hashed value -* `adminPasswordAlgorithm` - algorithm to be used for hash evaluation (default `SHA1`, others as -`SHA256`, `SHA512`, `SMD5`, `SSHA1`, `SSHA256`, `SSHA512` and `BCRYPT` are supported) +* `adminPasswordAlgorithm` - algorithm to be used for hash evaluation (default `SSHA256`, also supported are +`SHA1`, `SHA256`, `SHA512`, `SMD5`, `SSHA1`, `SSHA512` and `BCRYPT`) .Generate SHA1 password value on GNU / Linux ====
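Review bot: In the movingForward.adoc hunk, the reworded `adminPassword` bullet leaves the trailing clause `the default value of which is "password"` directly after `the "adminPasswordAlgorithm" value (SSHA256 by default)`, so it can be read as describing the algorithm rather than the password. Suggest restructuring so each default sits next to the thing it describes, for example: `The password (default "password"), encoded per the "adminPasswordAlgorithm" value (SSHA256 by default)`.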
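Review bot: In the configurationparameters.adoc hunk, the `decription` typo is fixed but the same WARNING block still contains `to reach such mininum value` in the unchanged context line; fix `mininum` to `minimum` in the same commit. This file also spells the algorithms `S-SHA-256`, `S-SHA-1` and so on, while setadmincredentials.adoc uses `SSHA256` and `SSHA1`; if the two properties really take different spellings, a short sentence saying so would stop readers copying the wrong form into `security.properties`.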
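Review bot: In the setadmincredentials.adoc hunk, the default for `adminPasswordAlgorithm` becomes `SSHA256`, but the example that immediately follows in the trailing context is still titled `.Generate SHA1 password value on GNU / Linux`. A reader who follows that example and leaves the algorithm at its new default ends up with an `adminPassword` value in the wrong format. Either update the example to the new default, or state next to it that `adminPasswordAlgorithm` must be set to `SHA1` for the generated value to work.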