> -----Original Message-----
> From: Ove Ewerlid [mailto:ove.ewer...@oracle.com]
> Sent: Thursday, 16 May 2013 6:25 PM
> To: dev@cloudstack.apache.org
> Subject: Re: Review Request: Added PlainTextAuthenticator
> 
> On 05/16/2013 02:16 PM, Kishan Kavala wrote:
> > Ove,
> >    Plain text authenticator will allow logging in using the hash value. Or
> > else, clients sending MD5 hash will fail to login. This is primarily for
> > backward compatibility.
> > To avoid logging in using hash value itself, plain text authenticator can be
> > removed from auth adapter list, provided the client sends plain text instead
> > of hash.
> 
> I'm not seeing the plain-text authenticator in ACS4.0 list of authenticators
> (components.xml). MD5 and LDAP are listed. Help me out, where in ACS4.0 is
> the code to allow login using the password hash itself?
> 
> /Ove


I checked the 4.0 code. The plain-text authenticator is not in components.xml but it
is part of the code.

plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java

It does an MD5 hash compare instead of plain text (don't know why), so it may not
serve your purpose even after adding it to components.xml.

> 
> 
> > ~kishan
> >
> >> -----Original Message-----
> >> From: Ove Ewerlid [mailto:ove.ewer...@oracle.com]
> >> Sent: Thursday, 16 May 2013 5:33 PM
> >> To: dev@cloudstack.apache.org; Kishan Kavala
> >> Subject: Re: Review Request: Added PlainTextAuthenticator
> >>
> >> Hi Kishan!
> >>
> >> Did you verify that adding the plain text authenticator will not
> >> allow login using the hash value itself?
> >>
> >>
> >> from AccountManagerImpl.java;
> >>    ... getUserAccount ...
> >>    ...
> >>     boolean authenticated = false;
> >>            for(UserAuthenticator authenticator : _userAuthenticators) {
> >>                if (authenticator.authenticate(username, password,
> >> domainId, requestParameters)) {
> >>                    authenticated = true;
> >>                    break;
> >>                }
> >>            }
> >>    ...
> >>
> >> /Ove
> >>
> >> On 05/16/2013 12:39 PM, Kishan Kavala wrote:
> >>>
> >>> -----------------------------------------------------------
> >>> This is an automatically generated e-mail. To reply, visit:
> >>> https://reviews.apache.org/r/11194/
> >>> -----------------------------------------------------------
> >>>
> >>> Review request for cloudstack and Chip Childers.
> >>>
> >>>
> >>> Summary (updated)
> >>> -----------------
> >>>
> >>> Added PlainTextAuthenticator
> >>>
> >>>
> >>> Description (updated)
> >>> -------
> >>>
> >>> Added PlainTextAuthenticator for backward compatibility. Removed MD5
> >>> auth from PlainTextAuthenticator. It just does plain text compare.
> >>>
> >>>
> >>> This addresses bug CLOUDSTACK-2516.
> >>>
> >>>
> >>> Diffs (updated)
> >>> -----
> >>>
> >>>     client/tomcatconf/applicationContext.xml.in 849c0bc
> >>>     client/tomcatconf/componentContext.xml.in ecd4a11
> >>>     plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java 52e7cb3
> >>>
> >>> Diff: https://reviews.apache.org/r/11194/diff/
> >>>
> >>>
> >>> Testing (updated)
> >>> -------
> >>>
> >>> Tested login with password sent as both MD5 hash and plaintext
> >>>
> >>>
> >>> Thanks,
> >>>
> >>> Kishan Kavala
> >>>
> >>>
> >>
> >>
> >> --
> >> Ove Everlid
> >> System Administrator / Architect / SDN & Linux hacker
> >> Mobile: +46706662363
> >> Office: +4618656913 (note EMEA Time Zone)
> 
> 
> --
> Ove Everlid
> System Administrator / Architect / SDN & Linux hacker
> Mobile: +46706662363
> Office: +4618656913 (note EMEA Time Zone)
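
The question raised in this thread, whether an authenticator chain that includes a plain-text comparer accepts the stored hash itself as a password, can be checked with a small harness. This is an added example, not CloudStack code and not part of the original messages; the `Authenticator` interface, the unsalted MD5-hex stored value and the sample password are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

public class AuthChainCheck {
    // Hypothetical, simplified stand-in for CloudStack's UserAuthenticator.
    interface Authenticator {
        boolean authenticate(String submitted, String storedValue);
    }

    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            return String.format("%032x", new BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Hashes what the client sent, then compares with the stored hash.
    static final Authenticator MD5_AUTH = (submitted, stored) -> md5Hex(submitted).equals(stored);
    // Compares what the client sent directly with the stored value.
    static final Authenticator PLAIN_AUTH = (submitted, stored) -> submitted.equals(stored);

    // Same shape as the loop quoted from AccountManagerImpl: any success wins.
    static boolean login(List<Authenticator> chain, String submitted, String stored) {
        for (Authenticator a : chain) {
            if (a.authenticate(submitted, stored)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String password = "constructed-sample-password"; // constructed test value
        String stored = md5Hex(password);                // assumption: DB keeps the MD5 hex
        List<Authenticator> md5Only = List.of(MD5_AUTH);
        List<Authenticator> withPlain = List.of(MD5_AUTH, PLAIN_AUTH);

        System.out.println("md5 only,   password sent: " + login(md5Only, password, stored));
        System.out.println("md5 only,   hash sent:     " + login(md5Only, stored, stored));
        System.out.println("with plain, password sent: " + login(withPlain, password, stored));
        System.out.println("with plain, hash sent:     " + login(withPlain, stored, stored));
    }
}
```

In this model only the "hash sent" case differs between the two chains: the MD5-only chain rejects the stored hash, while the chain that also contains the plain comparer accepts it.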
