Hi Ryan,

Thanks for your response.

We need to salt and hash the karaf CLI user passwords.

We installed jasypt (feature:install jasypt) on the controller and modified
[karaf.dir]/etc/org.apache.karaf.jaas.cfg as below.

encryption.name = jasypt
encryption.saltSizeBytes = 16

Now we created two new karaf CLI users with the same password.

opendaylight-user@root>jaas:user-add steubert karaf
opendaylight-user@root>jaas:user-add kathir karaf
opendaylight-user@root>jaas:update

Now if we check the [karaf.dir]/etc/users.properties file, we see the encrypted
passwords are different:

steubert = {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O66+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}

kathir = {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}

We have the below questions on this.

1.      How can we ensure that salting is happening here?
2.      Where are the salts stored?
3.      How does the login module authenticate the users if the salts are not stored?

Regards,

Steubert.
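
Added example, not part of the original thread and not Karaf or jasypt code: a Python model of a salt-prefixed digest, the layout jasypt's digester documents as its default with a random salt (the plain salt is prepended to the digest before Base64 encoding), which bears on the three questions above. The hash algorithm, the iteration count and all function names are assumptions for illustration; only the 16-byte salt size, the {CRYPT} markers and the sample password come from the thread.

```python
import base64
import hashlib
import hmac
import os

SALT_SIZE = 16         # encryption.saltSizeBytes, as set in the thread
ALGORITHM = "sha256"   # assumption: algorithm is not stated in the thread
ITERATIONS = 1000      # assumption: iteration count is not stated either
MARK = "{CRYPT}"       # prefix and suffix seen in users.properties

def _digest(salt, password):
    # hash(salt || password), then re-hash the result ITERATIONS - 1 times
    out = hashlib.new(ALGORITHM, salt + password.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        out = hashlib.new(ALGORITHM, out).digest()
    return out

def encrypt_password(password):
    # A fresh random salt per call is why equal passwords store differently.
    salt = os.urandom(SALT_SIZE)
    blob = salt + _digest(salt, password)   # salt is kept in the clear
    return MARK + base64.b64encode(blob).decode("ascii") + MARK

def split_stored(stored):
    # Recover (salt, digest) from a stored value; reject malformed input.
    if len(stored) < 2 * len(MARK) or not (
            stored.startswith(MARK) and stored.endswith(MARK)):
        raise ValueError("value is not wrapped in {CRYPT} markers")
    blob = base64.b64decode(stored[len(MARK):-len(MARK)], validate=True)
    if len(blob) <= SALT_SIZE:
        raise ValueError("value too short to hold a salt and a digest")
    return blob[:SALT_SIZE], blob[SALT_SIZE:]

def check_password(candidate, stored):
    # Login check: re-derive with the stored salt, compare in constant time.
    salt, expected = split_stored(stored)
    return hmac.compare_digest(_digest(salt, candidate), expected)

if __name__ == "__main__":
    a = encrypt_password("karaf")   # constructed values, not the thread's
    b = encrypt_password("karaf")
    print("stored values differ:", a != b)
    print("salts differ:", split_stored(a)[0] != split_stored(b)[0])
    print("correct password accepted:", check_password("karaf", a))
    print("wrong password rejected:", not check_password("nope", a))
```

Under this layout no separate salt store exists: the verifier reads the salt back from the stored value itself, so the decoded length should equal the salt size plus the digest size of the configured algorithm.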

 

From: Ryan Goulding <[email protected]> 
Sent: 07 June 2018 20:24
To: Nishchya Gupta <[email protected]>
Cc: [email protected]; odl netvirt dev 
<[email protected]>; [email protected]; 
[email protected]; [email protected]; 
[email protected]; [email protected]
Subject: Re: [controller-dev] karaf user validation query

 

For karaf CLI or RESTCONF?

karaf cli is managed through system.properties and other files in
KARAF_ROOT/etc.

HTH.

Regards,

Ryan Goulding

On Thu, Jun 7, 2018 at 6:40 AM, Nishchya Gupta <[email protected]> wrote:

Hi,

 

In apache/karaf for user validations we understood hashing has been used.

Is there any way or configuration change to have this salted and hashed?

Regards,

Nishchya

_______________________________________________
controller-dev mailing list
[email protected]
https://lists.opendaylight.org/mailman/listinfo/controller-dev

 
