On 03/07/2012 16:21, Bob Lannoy wrote:
Hi,
I've invested some time in adapting the password storage mechanism in Syncope.
With what I did it's now possible to have salted & stretched passwords
with the algorithms already supported, using the Jasypt lib and also
another algorithm called BCrypt (present in Spring Crypto).
Although there are also password digest algorithms in Spring I opted
to use Jasypt. Jasypt also does LDAP style password hashing which
could be interesting if people want to sync passwords with an LDAP.
However I didn't add this algorithm for the moment.
The old algorithms are still supported.
Additionally I added the possibility to do the same for the admin user.
This means a change in SecurityContext & security.properties for those
who want to benefit from this, but it's still backwards compatible.
Do I add all my stuff as a patch in Jira to the password ticket
(Apache jira down?) so someone can review what I did?

Hi Bob,
this sounds *really* interesting!
I'm also struggling with JIRA since yesterday, so I think you have to
wait a bit...
Anyway, you can add your patch to SYNCOPE-100, that is scheduled in
the roadmap for next major release (1.1.0 Ad libitum): as soon as everything
is set up for this new version (JIRA & SVN) we will be glad to review and
apply your patch.
Thanks for your involvement and contribution!
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/