ctubbsii commented on issue #1788: URL: https://github.com/apache/accumulo/issues/1788#issuecomment-730474608
Also, I was able to verify that we cannot naively convert our existing hashes to the crypt(3) format on upgrade, because we use an unconstrained 8 byte salt, but the crypt(3) format (at least, as implemented by commons-codec) is constrained to choosing a salt from the B64T character set. We could, in theory, encode our current hashes to the proper String encoding, but the constraint on the salt bytes is a blocker. So, the only path forward would be to convert on authenticate, and generate a new salt. At least, we can use the same ZooKeeper node, since we now know the length will be different, and there won't be any overlap with the old format. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
