Thanks Demetrius!
On Thu, Apr 17, 2014 at 10:24 PM, Demetrius Tsitrelis < demetrius.tsitre...@citrix.com> wrote: > Some authenticators such as LDAP need clear text passwords. > > -----Original Message----- > From: Tejas Gadaria [mailto:refond.g...@gmail.com] > Sent: Wednesday, April 16, 2014 8:36 PM > To: dev@cloudstack.apache.org > Subject: Re: login API with MD5 is not working > > Hi Demetrius, > > Thanks for explanation, I will try with https now. > Just for information, why did they change this from MD5 to plain text? > > Regards, > Tejas > > > On Thu, Apr 17, 2014 at 1:03 AM, Demetrius Tsitrelis < > demetrius.tsitre...@citrix.com> wrote: > > > There is already an open bug > > (https://issues.apache.org/jira/browse/CLOUDSTACK-6311). Essentially > > the same wording for the password parameter should be used in login, > > CreateUser, and UpdateUser: the password should be sent as clear text. > > > > -----Original Message----- > > From: Sebastien Goasguen [mailto:run...@gmail.com] > > Sent: Wednesday, April 16, 2014 12:16 PM > > To: dev@cloudstack.apache.org > > Subject: Re: login API with MD5 is not working > > > > > > On Apr 16, 2014, at 12:56 PM, Demetrius Tsitrelis > > <demetrius.tsitre...@citrix.com> wrote: > > > > > One problem is that the API documentation > > > (https://cloudstack.apache.org/docs/api/apidocs-4.3/root_admin/login > > > .h > > > tml) still says that the password should be hashed. The docs are > > > out of date; send the password in plain text. > > > > Demetrius, can you give me the correct description for the apidoc ? > > I can make that change. > > > > > > > > And - think about security. DON'T use HTTP GET or the query > > > parameters you send will be saved in the caches of all intermediate > > > servers. Also DO use HTTPS. > > > > > > -----Original Message----- > > > From: Tejas Gadaria [mailto:refond.g...@gmail.com] > > > Sent: Tuesday, April 15, 2014 2:02 AM > > > To: dev@cloudstack.apache.org > > > Subject: login API with MD5 is not working > > > > > > Hi, > > > > > > I am trying to login in to CS 4.3 though login API. > > > > > > I am passing MD5 hash (1st) in password that works fine with CS > > > 4.0.2 but same doesn't works well with CS 4.3. Then I try to pass > > > password in plain text ( > > > 2nd) & it worked, Is this a bug? > > > > > > Both APIs are given below, > > > > > > > > > 1) > > > http://10.129.151.55:8080/client/api?&command=login&username=admin&p > > > as > > > sword=5f4dcc3b5aa765d61d8327deb882cf99 > > > > > > > > > 2) > > > http://10.129.151.55:8080/client/api?&command=login&username=admin&p > > > as > > > sword=password > > > > > > Regards, > > > Tejas > > > > >
