RE: login API with MD5 is not working

Thu, 17 Apr 2014 09:55:35 -0700 

Some authenticators such as LDAP need clear text passwords.

-----Original Message-----
From: Tejas Gadaria [mailto:refond.g...@gmail.com] 
Sent: Wednesday, April 16, 2014 8:36 PM
To: dev@cloudstack.apache.org
Subject: Re: login API with MD5 is not working

Hi Demetrius,

Thanks for explanation, I will try with https now.
Just for information, why did they change this from MD5 to plain text?

Regards,
Tejas


On Thu, Apr 17, 2014 at 1:03 AM, Demetrius Tsitrelis < 
demetrius.tsitre...@citrix.com> wrote:

> There is already an open bug
> (https://issues.apache.org/jira/browse/CLOUDSTACK-6311).  Essentially 
> the same wording for the password parameter should be used in login, 
> CreateUser, and UpdateUser: the password should be sent as clear text.
>
> -----Original Message-----
> From: Sebastien Goasguen [mailto:run...@gmail.com]
> Sent: Wednesday, April 16, 2014 12:16 PM
> To: dev@cloudstack.apache.org
> Subject: Re: login API with MD5 is not working
>
>
> On Apr 16, 2014, at 12:56 PM, Demetrius Tsitrelis 
> <demetrius.tsitre...@citrix.com> wrote:
>
> > One problem is that the API documentation 
> > (https://cloudstack.apache.org/docs/api/apidocs-4.3/root_admin/login
> > .h
> > tml) still says that the password should be hashed.  The docs are 
> > out of date; send the password in plain text.
>
> Demetrius, can you give me the correct description for the apidoc ?
> I can make that change.
>
> >
> > And - think about security.  DON'T use HTTP GET or the query 
> > parameters you send will be saved in the caches of all intermediate 
> > servers.  Also DO use HTTPS.
> >
> > -----Original Message-----
> > From: Tejas Gadaria [mailto:refond.g...@gmail.com]
> > Sent: Tuesday, April 15, 2014 2:02 AM
> > To: dev@cloudstack.apache.org
> > Subject: login API with MD5 is not working
> >
> > Hi,
> >
> > I am trying to login in to CS 4.3 though login API.
> >
> > I am passing MD5 hash (1st) in password that works fine with CS 
> > 4.0.2 but same doesn't works well with CS 4.3. Then I try to pass 
> > password in plain text (
> > 2nd) & it worked, Is this a bug?
> >
> > Both APIs are given below,
> >
> >
> > 1)
> > http://10.129.151.55:8080/client/api?&command=login&username=admin&p
> > as
> > sword=5f4dcc3b5aa765d61d8327deb882cf99
> >
> >
> > 2)
> > http://10.129.151.55:8080/client/api?&command=login&username=admin&p
> > as
> > sword=password
> >
> > Regards,
> > Tejas
>
>

Reply via email to