[
https://issues.apache.org/jira/browse/SLING-2304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13159083#comment-13159083
]
Eric Norman commented on SLING-2304:
------------------------------------
You are probably right about that.
We could pass the plain text password to jackrabbit and it would get
automatically digested using the default digest algorithm (hardcoded as sha1).
The only thing we would lose is that we wouldn't be able to change the digest
algorithm to something else on the fly. Jackrabbit doesn't seem to provide a
way to configure the digest algorithm, but that is probably something that
should be addressed in jackrabbit instead of in sling.
> Consolidate the password digesting configuration for JCR users
> --------------------------------------------------------------
>
> Key: SLING-2304
> URL: https://issues.apache.org/jira/browse/SLING-2304
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR Jackrabbit User Manager 2.2.0, JCR ContentLoader
> 2.1.2
> Reporter: Eric Norman
> Assignee: Eric Norman
>
> If the jackrabbit user password digest algorithm configuration needs to be
> changed., the configuration has to be done in several places. We should
> consolidate by creating a new PasswordDigester service that can be configured
> once and used by all the places that need it.
> These places currently digest passwords for JCR users:
> 1. Adding users during Content Import (sling.jcr.contentloader)
> 2. Creating new users with the sling.jackrabbit.usermanager service or
> servlet
> 3. Updating user password with the sling.jackrabbit.usermanager service or
> servlet
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
