Hi Ryan,

Thanks for your response.

We need to salt and hash the karaf CLI user passwords.

We installed jasypt (feature:install jasypt) on the controller and modified 
[karf.dir]/etc/org.apache.karaf.jaas.cfg as below.

encryption.name = jasypt

encryption.saltSizeBytes = 16

 

Now we created two new karaf CLI users with the same password.

opendaylight-user@root>jaas:user-add steubert karaf

opendaylight-user@root>jaas:user-add kathir karaf

opendaylight-user@root>jaas:update

 

Now if we check the user [karf.dir]/etc/users.properties file, we see the encrypted 
passwords are different:

steubert = 
{CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O66+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}

kathir = 
{CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}

 

We have the below questions on this.

1. How can we ensure that salting is happening here?
2. Where are the salts stored?
3. How does the login module authenticate the users if the salts are not stored?

 

Regards,

Steubert.
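
Added example, not part of the original mail and not Karaf or Jasypt code: a Python model of the salt-prepended layout that Jasypt's digester documentation describes (random salt kept in the clear in front of the digest), which bears on all three questions above. The digest algorithm, iteration count and function names are assumptions; only the 16-byte salt size comes from the configuration shown.

```python
import base64
import hashlib
import hmac
import os

SALT_SIZE = 16        # from the mail: encryption.saltSizeBytes = 16
ALGORITHM = "sha256"  # assumption: the mail does not state the digest algorithm
ITERATIONS = 1000     # assumption: the mail does not state an iteration count


def _digest(salt, password):
    """Hash salt || password, then re-hash the result ITERATIONS - 1 times."""
    d = hashlib.new(ALGORITHM, salt + password.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        d = hashlib.new(ALGORITHM, d).digest()
    return d


def hash_password(password, salt=None):
    """Return base64(salt || digest); a fresh random salt is drawn per call."""
    salt = os.urandom(SALT_SIZE) if salt is None else salt
    return base64.b64encode(salt + _digest(salt, password)).decode("ascii")


def split_stored(stored):
    """Question 2: the salt is the first SALT_SIZE bytes of the stored value."""
    raw = base64.b64decode(stored)
    return raw[:SALT_SIZE], raw[SALT_SIZE:]


def verify(password, stored):
    """Question 3: recover the salt from the stored value, recompute, compare."""
    salt, expected = split_stored(stored)
    return hmac.compare_digest(_digest(salt, password), expected)


def salting_is_active(make_hash, password="constructed-test-password", rounds=5):
    """Question 1: hashing one password repeatedly must never repeat an output."""
    return len({make_hash(password) for _ in range(rounds)}) == rounds


if __name__ == "__main__":
    a, b = hash_password("karaf"), hash_password("karaf")
    print("same password, different stored values:", a != b)
    print("both verify:", verify("karaf", a) and verify("karaf", b))
    print("salt recovered from value:", split_stored(a)[0].hex())
```

An unsalted scheme fails the `salting_is_active` check because every call returns the same string, which is the property the two `users.properties` entries above are being compared for.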

 

From: Ryan Goulding <ryandgould...@gmail.com> 
Sent: 07 June 2018 20:24
To: Nishchya Gupta <nishch...@altencalsoftlabs.com>
Cc: controller-dev@lists.opendaylight.org; odl netvirt dev 
<netvirt-...@lists.opendaylight.org>; genius-...@lists.opendaylight.org; 
kathirve...@altencalsoftlabs.com; vijay.dan...@ericsson.com; 
steuber...@altencalsoftlabs.com; shashidh...@altencalsoftlabs.com
Subject: Re: [controller-dev] karaf user validation query

 

For karaf CLI or RESTCONF?

 

karaf cli is managed through system.properties and other files in 
KARAF_ROOT/etc.

 

HTH.




Regards,

Ryan Goulding

 

On Thu, Jun 7, 2018 at 6:40 AM, Nishchya Gupta <nishch...@altencalsoftlabs.com> wrote:

Hi,

 

In apache/karaf for user validations we understood hashing has been used.

Is there any way or configuration change, to have this salted and hashed?

 

 

Regards,

Nishchya


_______________________________________________
controller-dev mailing list
controller-dev@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/controller-dev

 
