I didn't even think about allowing password transition to be done like
this. I figured I'd need to at least reset passwords but you're right.
The password is available in plain text during sign in so this would
probably be a more ideal approach.
On 07/16/2018 10:56 PM, Jean Helou wrote:
Please first note that users' passwords are stored hashed in James thus
you would need anyway to change all passwords if you want to change
hashing algorithm.
How about making this technical transition transparent for the end user?
For a period support both hashes: the new one as the primary, the old one
as a fallback. Each time a password uses the fallback, the hash of the same
string is computed and replaces the old hash in the database...
This way you get seamless migration.
This is what Play Framework did when they switched crypto cypher for
session signing.
However, when using ADMIN API / CLI API, the algorithm is not changed to
the latest one. I believe it should be the case (thus allowing rolling
hash algorithm upgrades).
I created this ticket, summing up the issue:
https://issues.apache.org/jira/browse/JAMES-2471
Do you want to give it a try? Contributions would be very welcome on
this topic, and I can offer you help if need be.
Cheers,
Benoit Tellier
On 16/07/2018 at 23:20, Ashton Holmes wrote:
I recently changed my passwords to be hashed with SHA-512 however this
change seems to only apply to new users and not when an existing user
changes their password. Is there any way to make it apply when an
existing user changes their password?
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
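
The fallback-and-rehash migration discussed in this thread, as an added example that is not part of the original messages and is not Apache James code: a sign-in that verifies against the stored algorithm and upgrades legacy records, plus a password change that always writes the primary algorithm. The `UserStore` class, the record layout (algorithm name plus hex digest), the sample accounts and the choice of SHA-1 as the legacy algorithm are assumptions made for the illustration.

```python
import hashlib
import hmac

PRIMARY = "sha512"   # target algorithm named in the thread
LEGACY = ("sha1",)   # assumption: whatever the store used before the switch


def digest(algo, password):
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


class UserStore:
    """Constructed in-memory store: username -> (algorithm, hex digest)."""

    def __init__(self):
        self.records = {}

    def set_password(self, user, password):
        # Every password change (self-service, admin API, CLI) writes the
        # primary algorithm, so a change never keeps the old hash type.
        self.records[user] = (PRIMARY, digest(PRIMARY, password))

    def authenticate(self, user, password):
        record = self.records.get(user)
        if record is None:
            return False
        algo, stored = record
        if algo != PRIMARY and algo not in LEGACY:
            return False  # unknown algorithm: refuse rather than guess
        if not hmac.compare_digest(digest(algo, password), stored):
            return False
        if algo != PRIMARY:
            # The plaintext is only available now, during sign-in: re-hash it
            # with the primary algorithm and replace the legacy record.
            self.set_password(user, password)
        return True

    def legacy_users(self):
        # Accounts that have not signed in since the switch; once this list
        # is empty the fallback can be removed.
        return sorted(u for u, (a, _) in self.records.items() if a != PRIMARY)


store = UserStore()
# Constructed pre-switch accounts, stored with the legacy algorithm.
store.records["alice"] = ("sha1", digest("sha1", "constructed-pw-1"))
store.records["bob"] = ("sha1", digest("sha1", "constructed-pw-2"))
```

`legacy_users()` is the check to run before retiring the fallback: accounts still listed there have neither signed in nor changed their password since the switch.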