Support for multiple user password encryptions
----------------------------------------------
Key: CLEREZZA-421
URL: https://issues.apache.org/jira/browse/CLEREZZA-421
Project: Clerezza
Issue Type: New Feature
Reporter: Daniel Spicar

We have an issue when we import users from a different system to Clerezza. The
users have passwords encrypted in SSHA (not SHA-1 as Clerezza uses). We do not
have their clear-text passwords.

Now I wonder how you would best enable Clerezza to support logins with
different password encoding methods. Most likely a single user will only use
one encoding but different users can have different encodings.

I have seen you have WeightedAuthenticationMethod services. But if I interpret
this correctly it won't solve my issue. I assume I am looking for a way to
register multiple AuthenticationChecker services such that passwords can be
checked against more than one of them. I don't see this implemented so far.

Some questions with this would be:
- do we simply add new properties for differently encoded passwords
  (passwordSsha, passwordSha1, ...) or do we change the ontology so a password
  resource contains both the encrypted string as a literal and a URI designating
  the password encoding method?
- can the user have more than one such password resource (the password encoded
  in multiple encryption methods)?
- how to update user passwords? (e.g. delete all passwords and add a new one in
  the default encoding of the platform)

I could provide a patch for this issue but we should define how we want to
resolve it first.
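
The per-user scheme dispatch asked about above, as an added example that is not Clerezza code and does not use its AuthenticationChecker API. Assumptions: Java 17+, a hypothetical `Scheme` tag standing in for the encoding-method URI, the LDAP-style `{SSHA}` layout for imported passwords, and hex-encoded unsalted SHA-1 for native ones.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.HexFormat;

public class MultiSchemePasswordCheck {
    // Hypothetical tags standing in for "a URI designating the password encoding method".
    enum Scheme { SHA1_HEX, SSHA_LDAP }

    static byte[] sha1(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // True only if the candidate matches the stored value under that user's scheme.
    static boolean matches(Scheme scheme, String stored, String candidate) throws Exception {
        byte[] pw = candidate.getBytes(StandardCharsets.UTF_8);
        try {
            switch (scheme) {
                case SHA1_HEX: // assumed layout: hex(SHA-1(password)), unsalted
                    return MessageDigest.isEqual(HexFormat.of().parseHex(stored), sha1(pw));
                case SSHA_LDAP: // assumed layout: "{SSHA}" + base64(SHA-1(password || salt) || salt)
                    if (!stored.startsWith("{SSHA}")) return false;
                    byte[] raw = Base64.getDecoder().decode(stored.substring(6));
                    if (raw.length <= 20) return false; // 20-byte digest must be followed by a salt
                    byte[] digest = Arrays.copyOfRange(raw, 0, 20);
                    byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
                    return MessageDigest.isEqual(digest, sha1(pw, salt)); // constant-time compare
                default: return false;
            }
        } catch (IllegalArgumentException malformed) {
            return false; // a malformed stored value never authenticates
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample records, not real credentials.
        byte[] salt = {0x01, 0x23, 0x45, 0x67};
        byte[] d = sha1("imported-pw".getBytes(StandardCharsets.UTF_8), salt);
        byte[] blob = Arrays.copyOf(d, d.length + salt.length);
        System.arraycopy(salt, 0, blob, d.length, salt.length);
        String ssha = "{SSHA}" + Base64.getEncoder().encodeToString(blob);
        String hex = HexFormat.of().formatHex(sha1("native-pw".getBytes(StandardCharsets.UTF_8)));
        System.out.println("imported user, right password: " + matches(Scheme.SSHA_LDAP, ssha, "imported-pw"));
        System.out.println("native user, right password:   " + matches(Scheme.SHA1_HEX, hex, "native-pw"));
        System.out.println("imported user, wrong password: " + matches(Scheme.SSHA_LDAP, ssha, "wrong"));
        System.out.println("SSHA value under SHA-1 scheme: " + matches(Scheme.SHA1_HEX, ssha, "imported-pw"));
    }
}
```

Because the scheme is stored per password value, each user is checked against exactly one encoding, and a value that does not parse under its declared scheme fails closed.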