RE: password hash

Santhosh Edukulla Tue, 24 Dec 2013 22:59:17 -0800

1. you are using "login" command to verify your account created through 
"createAccount"?



2. The API description for "login" mentions below. See the description for 
argument password.

<command>
    <name>login</name>
    <description>Logs a user into the CloudStack. A successful login attempt 
will generate a JSESSIONID cookie value that can be passed in subsequent Query 
command calls until the &quot;logout&quot; command has been issued or the 
session has expired.</description>
    <isAsync>false</isAsync>
    <request>
      <arg>
        <name>username</name>
        <description>Username</description>
        <required>true</required>
      </arg>
      <arg>
        <name>password</name>
        <description>Hashed password (Default is MD5). If you wish to use any 
other hashing algorithm, you would need to write a custom authentication 
adapter See Docs section.</description>
        <required>true</required>
      </arg>
      <arg>
        <name>domain</name>
        <description>path of the domain that the user belongs to. Example: 
domain=/com/cloud/internal.  If no domain is passed in, the ROOT domain is 
assumed.</description>
        <required>false</required>
      </arg>
      <arg>
        <name>domainId</name>
        <description>id of the domain that the user belongs to. If both domain 
and domainId are passed in, &quot;domainId&quot; parameter takes 
precendence</description>
        <required>false</required>
      </arg>
    </request>

3. What happens if you just pass the password as it is to "login" cmd? This is 
what got captured in firebug, when i logged in to CS. Here, password is 
"password" for account "abc".

command login
domain  /
password        password
response        json
username        abc

Santhosh
________________________________________
From: Salar Darwish [salardarw...@gmail.com]
Sent: Tuesday, December 24, 2013 3:51 PM
To: users@cloudstack.apache.org
Subject: password hash

Hello all,

I have a php web interface and i related the interface to the cloudstack
database with the creataccount api. Now i am getting problems when I try to
log in to this web interface.it seems to be a hash problem. I am hashing
the password as below:

$password = hash(sha256 ,$_POST['password']);

but still can not login. Is this the right hash algorithm i am using?

Kind regards and merry christmas!

*Salar*

RE: password hash

Reply via email to