Thanks Dan. Yes, I am aware it's not so secure; I am just trying to meet the company policy of not directly hardcoding the password in a file. An encrypted password will be OK :). I will implement the AuthInitialize.

> On Dec 26, 2017, at 1:34 PM, Dan Smith <[email protected]> wrote:
>
> Hi Sudhir,
>
> You can do pretty much anything you want by implementing your own
> AuthInitialize on the client. The AuthInitialize generates the credentials to
> send to the server. So for example you could implement an AuthInitialize that
> reads an encrypted password, decrypts it, and sends it to the server.
>
> Encrypting your password won't make your system more secure unless you are
> using something other than a file to store your encryption key though. If
> your encryption key is just in a file then an attacker just needs to steal
> that file as well.
>
> -Dan
>
>> On Tue, Dec 26, 2017 at 10:45 AM, Sudhir Babu Pothineni
>> <[email protected]> wrote:
>> It seems password encrypt/decrypt is deprecated in Apache Geode 1.3.
>>
>> What is the alternative if I want to hardcode an encrypted password in a
>> configuration file of a Geode client implementation?
>>
>> Thanks
>> Sudhir
>>
>>> On Dec 22, 2017, at 12:35 PM, Jens Deppe <[email protected]> wrote:
>>>
>>> Great. Thanks for the feedback about the documentation!
>>>
>>> --Jens
>>>
>>>> On Fri, Dec 22, 2017 at 10:27 AM, Sudhir Babu Pothineni
>>>> <[email protected]> wrote:
>>>> Thanks Jens! It's working.
>>>>
>>>> I think in the doc these three parameters should be mentioned together
>>>> somewhere. Otherwise it's not intuitive, although there is a lot of
>>>> description around SecurityManager.
>>>>
>>>> security-manager=org.apache.geode.examples.SimpleSecurityManager
>>>> security-username=admin
>>>> security-password=xyz1234
>>>>
>>>>> On Fri, Dec 22, 2017 at 10:36 AM, Jens Deppe <[email protected]> wrote:
>>>>> Hi Sudhir,
>>>>>
>>>>> You should find two sample SecurityManagers in the code.
>>>>>
>>>>> The first is org.apache.geode.examples.SimpleSecurityManager [1]. This
>>>>> manager will simply compare the username/password and authenticate if
>>>>> they match. In addition if the username matches a required permission,
>>>>> then the request is also authorized. For example, if the credentials are
>>>>> 'admin/xyz1234' then it will never authenticate. If the credentials are
>>>>> 'dataRead/dataRead' then the user would be authenticated for all
>>>>> operations requiring DATA:READ permissions. Although it's simplistic,
>>>>> this manager is very useful for testing your whole flow and validating
>>>>> specific permissions for various operations.
>>>>>
>>>>> The other SecurityManager provided is
>>>>> org.apache.geode.examples.security.ExampleSecurityManager [2]. This
>>>>> manager takes as input a JSON file which maps users -> roles ->
>>>>> permissions. The javadoc has examples of using this [3].
>>>>>
>>>>> --Jens
>>>>>
>>>>> [1]
>>>>> https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/examples/SimpleSecurityManager.java
>>>>> [2]
>>>>> https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
>>>>> [3]
>>>>> http://geode.apache.org/releases/latest/javadoc/org/apache/geode/examples/security/ExampleSecurityManager.html
>>>>>
>>>>>> On Fri, Dec 22, 2017 at 7:55 AM, Sudhir Babu Pothineni
>>>>>> <[email protected]> wrote:
>>>>>> Let me extend my question:
>>>>>>
>>>>>> Does Geode have any Default/SimpleSecurityManager implementation?
>>>>>>
>>>>>>> On Fri, Dec 22, 2017 at 9:15 AM, Sudhir Babu Pothineni
>>>>>>> <[email protected]> wrote:
>>>>>>> I am working on Geode (1.2) authentication. According to the doc,
>>>>>>> https://geode.apache.org/docs/guide/12/managing/security/implementing_authentication.html
>>>>>>>
>>>>>>> I put in gfsecurity.properties:
>>>>>>> security-username=admin
>>>>>>> security-password=xyz1234
>>>>>>> Any other parameters needed?
>>>>>>>
>>>>>>> For some reason Geode is working without authentication;
>>>>>>> gfsecurity.properties is in the class path. I am expecting the JMX manager
>>>>>>> should also work with these credentials.
>>>>>>>
>>>>>>> Thanks for the help
>>>>>>> Sudhir
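
The approach Dan describes in the quoted reply, as an added example that is not part of the thread or of Geode's own code: a client-side AuthInitialize that decrypts a stored password with AES-GCM, taking the key from an environment variable rather than a file. The class name, the `security-encrypted-password` property and the `GEODE_PW_KEY` variable are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.security.AuthInitialize;
import org.apache.geode.security.AuthenticationFailedException;

// Hypothetical class; enable it on the client with
//   security-client-auth-init=com.example.EncryptedPasswordAuthInit
public class EncryptedPasswordAuthInit implements AuthInitialize {
  // Assumed property (not a Geode setting): base64(12-byte nonce || ciphertext || tag)
  static final String ENC_PASSWORD = "security-encrypted-password";
  // Assumed environment variable holding the base64 AES key, kept out of the file
  static final String KEY_ENV = "GEODE_PW_KEY";

  @Override public void init(LogWriter systemLogger, LogWriter securityLogger) {}

  @Override
  public Properties getCredentials(Properties securityProps, DistributedMember server,
      boolean isPeer) {
    String blob = securityProps.getProperty(ENC_PASSWORD);
    String key = System.getenv(KEY_ENV);
    if (blob == null || key == null) {
      throw new AuthenticationFailedException("missing " + ENC_PASSWORD + " or " + KEY_ENV);
    }
    // Only the decrypted credentials are handed to Geode for the handshake
    Properties creds = new Properties();
    creds.setProperty("security-username", securityProps.getProperty("security-username", ""));
    creds.setProperty("security-password", decrypt(blob, key));
    return creds;
  }

  // AES-GCM: the tag check makes a tampered or wrong-key blob fail instead of
  // producing a garbage password
  static String decrypt(String blobB64, String keyB64) {
    try {
      byte[] blob = Base64.getDecoder().decode(blobB64);
      byte[] key = Base64.getDecoder().decode(keyB64);
      Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
      c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
          new GCMParameterSpec(128, blob, 0, 12));
      return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    } catch (Exception e) { // message carries no key or ciphertext material
      throw new AuthenticationFailedException("cannot decrypt stored password", e);
    }
  }

  @Override public void close() {}
}
```

The environment variable only stands in for "something other than a file"; an OS keystore or a secrets service fits the same slot in `getCredentials`.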
