Hi,
We need to salt and hash the Karaf CLI user passwords.
We installed jasypt (feature:install jasypt) on the OpenDaylight controller and
modified [karaf.dir]/etc/org.apache.karaf.jaas.cfg as below.
encryption.name = jasypt
encryption.saltSizeBytes = 16
Next, we created two new Karaf CLI users with the same password.
opendaylight-user@root>jaas:user-add steubert karaf
opendaylight-user@root>jaas:user-add kathir karaf
opendaylight-user@root>jaas:update
Now if we check the [karaf.dir]/etc/users.properties file, we see that the
encrypted passwords are different:
steubert = {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O66+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
kathir = {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
We have the following questions on this:
* How can we ensure that salting is happening here?
* Where are the salts stored?
* How does the login module authenticate the users if the salts are not stored in any of the files?
Thanks,
Steubert.
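
Added example, not part of the original message and not Karaf or Jasypt code: a Python model of a salted digest store in which the random salt is prepended to the digest before Base64 encoding, the layout described in Jasypt's digester documentation. It shows why two users with the same password get different stored values and how a verifier recovers the salt from the stored value itself. The hash algorithm, iteration count and all function names are assumptions; only the 16-byte salt size comes from the configuration above.

```python
import base64
import hashlib
import hmac
import os

SALT_BYTES = 16        # mirrors encryption.saltSizeBytes = 16 from the message
ALGORITHM = "sha256"   # assumption: the message does not state the algorithm
ITERATIONS = 1000      # assumption: the message does not state the iteration count


def _iterate(salt: bytes, password: str) -> bytes:
    # Round 1 hashes salt || password; later rounds re-hash the previous digest.
    digest = hashlib.new(ALGORITHM, salt + password.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        digest = hashlib.new(ALGORITHM, digest).digest()
    return digest


def make_digest(password: str, salt: bytes = None) -> str:
    # Stored value = Base64(salt || digest): the salt travels with the hash.
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    return base64.b64encode(salt + _iterate(salt, password)).decode("ascii")


def split_digest(stored: str):
    # Recover (salt, digest) from a stored value; reject unexpected lengths.
    raw = base64.b64decode(stored, validate=True)
    expected_len = SALT_BYTES + hashlib.new(ALGORITHM).digest_size
    if len(raw) != expected_len:
        raise ValueError(f"expected {expected_len} bytes, got {len(raw)}")
    return raw[:SALT_BYTES], raw[SALT_BYTES:]


def verify(password: str, stored: str) -> bool:
    # Re-hash the candidate with the embedded salt, compare in constant time.
    salt, expected = split_digest(stored)
    return hmac.compare_digest(_iterate(salt, password), expected)


def salting_evidence(password: str, count: int = 2) -> dict:
    # Hash one password several times (constructed input) and report the result.
    stored = [make_digest(password) for _ in range(count)]
    salts = {split_digest(value)[0] for value in stored}
    return {
        "distinct_values": len(set(stored)) == count,
        "distinct_salts": len(salts) == count,
        "all_verify": all(verify(password, value) for value in stored),
    }
```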