[ https://issues.apache.org/jira/browse/CLOUDSTACK-2516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13663782#comment-13663782 ]
Kishan Kavala commented on CLOUDSTACK-2516:
-------------------------------------------

Note for upgrade:
After upgrading to 4.1, API clients are expected to send plain text passwords for login and user creation, instead of MD5 hash.
In case API client changes are not acceptable, the following changes are to be made for backward compatibility:

1. Modify componentsContext.xml, and make PlainTextUserAuthenticator the default authenticator (the 1st entry in the userAuthenticators adapter list is the default)

    <!-- Security adapters -->
    <bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList">
      <property name="Adapters">
        <list>
          <ref bean="PlainTextUserAuthenticator"/>
          <ref bean="MD5UserAuthenticator"/>
          <ref bean="LDAPUserAuthenticator"/>
        </list>
      </property>
    </bean>

PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to 4.1.

> Create User API compatibility broken now
> ----------------------------------------
>
>                 Key: CLOUDSTACK-2516
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2516
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>    Affects Versions: 4.1.0, 4.2.0
>            Reporter: Chip Childers
>            Assignee: Kishan Kavala
>            Priority: Blocker
>             Fix For: 4.1.0, 4.2.0
>
>
> From email thread:
> On Wed, May 15, 2013 at 04:22:14PM +0200, Ove Ewerlid wrote:
> > NB; The 402/410 deployments are on RHES64(OEL64) via RPMs built from
> > latest git repos.
> > /Ove
> >
> > On 05/15/2013 03:02 PM, Ove Ewerlid wrote:
> > >Hi!
> > >
> > >When testing a deploy script, that works as expected with 4.0.2, on 4.1
> > >I noticed that there was a need to pass plaintext passwords to
> > >createUser, rather than the documented MD5 hash. When passing MD5 hash,
> > >the password gets double MD5:hashed in 41.
> > >
> > >There is new code in 4.1 that encodes password using the authenticator
> > >plugins (encode method);
> > >
> > >cloudstack.4.1/server/src/com/cloud/user/AccountManagerImpl.java
> > >
> > >         ...
> > >         String encodedPassword = null;
> > >         for (UserAuthenticator authenticator : _userAuthenticators) {
> > >             encodedPassword = authenticator.encode(password);
> > >             if (encodedPassword != null) {
> > >                 break;
> > >             }
> > >         }
> > >         ...
> > >
> > >The 41 API docs still note that an MD5 hash shall be passed in.
> > >What am I missing here?
> > >
> > >/Ove
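
The effect of adapter order on what gets stored, as an added example that is not part of the JIRA comment or of CloudStack's code. The `Encoder` interface, the class name and the sample password are constructed for illustration, and the two `encode()` behaviours (MD5 hashes its input, plain text returns it unchanged) are assumptions based on the descriptions in this thread.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;

public class AuthenticatorOrderDemo {
    // Hypothetical stand-in for the encode() side of a user authenticator.
    interface Encoder { String encode(String password); }

    static String md5Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(s.getBytes(StandardCharsets.UTF_8));
            return String.format("%032x", new BigInteger(1, digest)); // keep leading zeros
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Assumed behaviour: the MD5 adapter hashes whatever it receives,
    // the plain-text adapter stores its input unchanged.
    static final Encoder MD5 = AuthenticatorOrderDemo::md5Hex;
    static final Encoder PLAIN = p -> p;

    // Same selection rule as the loop quoted above: first non-null result wins.
    static String encodeForStorage(List<Encoder> adapters, String password) {
        for (Encoder adapter : adapters) {
            String encoded = adapter.encode(password);
            if (encoded != null) {
                return encoded;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String clear = "Example-Passw0rd";        // constructed sample value
        String legacyInput = md5Hex(clear);       // pre-4.1 client hashes before createUser

        String md5First = encodeForStorage(Arrays.asList(MD5, PLAIN), legacyInput);
        String plainFirst = encodeForStorage(Arrays.asList(PLAIN, MD5), legacyInput);
        String newClient = encodeForStorage(Arrays.asList(MD5, PLAIN), clear);

        System.out.println("MD5 first, hashed input is double hashed:  "
                + md5First.equals(md5Hex(md5Hex(clear))));
        System.out.println("Plain first, hashed input stays one hash:  "
                + plainFirst.equals(md5Hex(clear)));
        System.out.println("MD5 first, plain input becomes one hash:   "
                + newClient.equals(md5Hex(clear)));
    }
}
```

Because only the first adapter that returns a non-null value is used, the stored format is decided entirely by list order, so the order in componentsContext.xml has to match what the deployed API clients actually send.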