On 3/20/13 10:09 PM, "prasanna" <t...@apache.org> wrote: >> > >Thanks Vijay, I'm just wondering how does someone not dealing with the >UI know the auth mechanism to use? When login happens, when account >creation happens, or when api signing happens (unaffected?)? Is there >an API call that lists the authenticators in use on the deployment? So >the appropriate cipher can be applied at client side?
This applies to session-based authentication only (which is what the UI uses). The authenticators are chained so if the SHA256Salt auth fails the auth, it is passed to the MD5 authenticator. > >Also - could you list out a few tests that can be taken up to ensure >the feature is smoke tested. By that I mean - tests that will ensure >this feature isn't broken say when a new authenticator is used. I'm >looking to put them down as marvin tests.
