Re: [controller-dev] karaf user validation query

Fri, 08 Jun 2018 05:49:07 -0700 

I recommend you engage upstream Apache Karaf;  they maintain and are
familiar with those modules.  They are not written nor maintained by ODL
Developers.

HTH.

Regards,

Ryan Goulding

On Fri, Jun 8, 2018 at 6:37 AM, Steubert Ebenezer <
steuber...@altencalsoftlabs.com> wrote:

> Hi Ryan,
>
>
>
> Thanks for your response.
>
>
>
> We need to salt and hash the karaf CLI user passwords.
>
>
>
> We installed jasypt (feature:install jasypt) on controller and modified
> [karf.dir]/etc/org.apache.karaf.jaas.cfg as below.
>
> encryption.name = jasypt
>
> encryption.saltSizeBytes = 16
>
>
>
> Now we created two new karaf CLI users with same password.
>
> opendaylight-user@root>jaas:user-add steubert karaf
>
> opendaylight-user@root>jaas:user-add kathir karaf
>
> opendaylight-user@root>jaas:update
>
>
>
> Now if we check user [karf.dir]/etc/users.properties file we see the
> encrypted passwords are different
>
> steubert = {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0
> fa944UKpJtQqxHyxf/8O66+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
>
> kathir = {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/
> FyIc9FQGhGF7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
>
>
>
> We have below questions on this.
>
>    1. How can we ensure if salting is happening here
>    2. Where are the salts stored
>    3. How does the login module authenticate the users if the salts are
>    not stored
>
>
>
> Regards,
>
> Steubert.
>
>
>
> *From:* Ryan Goulding <ryandgould...@gmail.com>
> *Sent:* 07 June 2018 20:24
> *To:* Nishchya Gupta <nishch...@altencalsoftlabs.com>
> *Cc:* controller-dev@lists.opendaylight.org; odl netvirt dev <
> netvirt-...@lists.opendaylight.org>; genius-...@lists.opendaylight.org;
> kathirve...@altencalsoftlabs.com; vijay.dan...@ericsson.com;
> steuber...@altencalsoftlabs.com; shashidh...@altencalsoftlabs.com
> *Subject:* Re: [controller-dev] karaf user validation query
>
>
>
> For karaf CLI or RESTCONF?
>
>
>
> karaf cli is managed through system.properties and other files in
> KARAF_ROOT/etc.
>
>
>
> HTH.
>
>
> Regards,
>
> Ryan Goulding
>
>
>
> On Thu, Jun 7, 2018 at 6:40 AM, Nishchya Gupta <
> nishch...@altencalsoftlabs.com> wrote:
>
> Hi,
>
>
>
> In apache/karaf for user validations we understood hashing has been used.
>
> Is there anyway or configuration change, to have this salted and hashed?
>
>
>
>
>
> Regards,
>
> Nishchya
>
>
> _______________________________________________
> controller-dev mailing list
> controller-dev@lists.opendaylight.org
> https://lists.opendaylight.org/mailman/listinfo/controller-dev
>
>
>

_______________________________________________
controller-dev mailing list
controller-dev@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/controller-dev

Reply via email to