On 05/16/2013 02:16 PM, Kishan Kavala wrote:
Ove,
Plain text authenticator will allow logging in using the hash value. Or else,
clients sending MD5 hash will fail to login. This is primarily for backward
compatibility.
To avoid logging in using hash value itself, plain text authenticator can be
removed from auth adapter list, provided the client sends plain text instead of
hash.
I'm not seeing the plain-text authenticator in ACS4.0 list of
authenticators (components.xml). MD5 and LDAP are listed. Help me out,
where in ACS4.0 is the code to allow login using the password hash itself?
/Ove
~kishan
-----Original Message-----
From: Ove Ewerlid [mailto:ove.ewer...@oracle.com]
Sent: Thursday, 16 May 2013 5:33 PM
To: dev@cloudstack.apache.org; Kishan Kavala
Subject: Re: Review Request: Added PlainTextAuthenticator
Hi Kishan!
Did you verify that adding the plain text authenticator will not allow login
using the hash value itself?
from AccountManagerImpl.java;

    ... getUserAccount ...
    ...
    boolean authenticated = false;
    for (UserAuthenticator authenticator : _userAuthenticators) {
        if (authenticator.authenticate(username, password,
                domainId, requestParameters)) {
            authenticated = true;
            break;
        }
    }
    ...
/Ove
On 05/16/2013 12:39 PM, Kishan Kavala wrote:
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11194/
-----------------------------------------------------------
Review request for cloudstack and Chip Childers.
Summary (updated)
-----------------
Added PlainTextAuthenticator
Description (updated)
-------
Added PlainTextAuthenticator for backward compatibility. Removed MD5
auth from PlainTextAuthenticator. It just does plain text compare.
This addresses bug CLOUDSTACK-2516.
Diffs (updated)
-----
client/tomcatconf/applicationContext.xml.in 849c0bc
client/tomcatconf/componentContext.xml.in ecd4a11
plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java 52e7cb3
Diff: https://reviews.apache.org/r/11194/diff/
Testing (updated)
-------
Tested login with password sent as both MD5 hash and plaintext
Thanks,
Kishan Kavala
--
Ove Everlid
System Administrator / Architect / SDN & Linux hacker
Mobile: +46706662363
Office: +4618656913 (note EMEA Time Zone)
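The concern raised in this thread, as an added example that is not CloudStack code and not part of the original messages: a first-match authenticator chain shaped like the quoted loop, where the stored value is an MD5 hash and a plain-text comparer sits beside an MD5 authenticator. The `Authenticator` interface, the class name and the sample password are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

public class AuthChainDemo {
    // Simplified stand-in for the UserAuthenticator interface in the excerpt (assumption).
    interface Authenticator { boolean authenticate(String submitted, String stored); }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Hashes the submitted value, then compares it with the stored MD5 hash.
    static final Authenticator MD5 = (submitted, stored) -> {
        try { return md5Hex(submitted).equals(stored); }
        catch (Exception e) { return false; }
    };

    // Compares the submitted value with the stored value as-is.
    static final Authenticator PLAIN_TEXT = (submitted, stored) -> submitted.equals(stored);

    // Same shape as the getUserAccount loop: the first authenticator that accepts wins.
    static boolean login(List<Authenticator> chain, String submitted, String stored) {
        for (Authenticator a : chain) {
            if (a.authenticate(submitted, stored)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String stored = md5Hex("constructed-password"); // constructed sample value for the user record
        List<Authenticator> both = List.of(MD5, PLAIN_TEXT);
        List<Authenticator> md5Only = List.of(MD5);

        System.out.println("both, password:     " + login(both, "constructed-password", stored));
        System.out.println("both, stored hash:  " + login(both, stored, stored));
        System.out.println("md5 only, password: " + login(md5Only, "constructed-password", stored));
        System.out.println("md5 only, hash:     " + login(md5Only, stored, stored));
    }
}
```

With both authenticators configured, the stored hash itself is accepted as a credential; with the MD5 authenticator alone it is rejected, which is also why a client that sends a pre-hashed password stops working, as noted in the thread.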