ctubbsii commented on issue #1788: URL: https://github.com/apache/accumulo/issues/1788#issuecomment-730437715
For reference, commons-digest can perform crypt(3)-compatible hashing: https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Crypt.html I suspect our custom algorithm is not possible to convert into something that is crypt(3)-compatible. However, if it is, then the ideal solution on upgrade is to convert our existing ZooKeeper stored hashes into this format. If that is not possible, then the next best solution would be to warn on startup and then do the convert-on-authentication, as described in https://github.com/apache/accumulo/pull/1787#issuecomment-729251958 The startup warning could look something like: `The password hash for user X is stored in an older format. It is recommended that X authenticate and change their password to convert to the new format.` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
