Hi Kishan!

Did you verify that adding the plain text authenticator will not allow login using the hash value itself?


From AccountManagerImpl.java:
 ... getUserAccount ...
 ...
         boolean authenticated = false;
         for (UserAuthenticator authenticator : _userAuthenticators) {
             if (authenticator.authenticate(username, password, domainId, requestParameters)) {
                 authenticated = true;
                 break;
             }
         }
 ...

/Ove

On 05/16/2013 12:39 PM, Kishan Kavala wrote:

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11194/
-----------------------------------------------------------

Review request for cloudstack and Chip Childers.


Summary (updated)
-----------------

Added PlainTextAuthenticator


Description (updated)
-------

Added PlainTextAuthenticator for backward compatibility. Removed MD5 auth from 
PlainTextAuthenticator. It just does plain text compare.


This addresses bug CLOUDSTACK-2516.


Diffs (updated)
-----

   client/tomcatconf/applicationContext.xml.in 849c0bc
   client/tomcatconf/componentContext.xml.in ecd4a11
   plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java 52e7cb3

Diff: https://reviews.apache.org/r/11194/diff/


Testing (updated)
-------

Tested login with password sent as both MD5 hash and plaintext


Thanks,

Kishan Kavala




--
Ove Everlid
System Administrator / Architect / SDN & Linux hacker
Mobile: +46706662363
Office: +4618656913 (note EMEA Time Zone)
