epugh commented on code in PR #3301: URL: https://github.com/apache/solr/pull/3301#discussion_r2032926677
########## solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc: ########## @@ -81,6 +81,14 @@ If `realm` is not defined, it will default to `solr`. If you are using SolrCloud, you must upload `security.json` to ZooKeeper. An example command and more information about securing your setup can be found at xref:authentication-and-authorization-plugins#in-a-solrcloud-cluster[Authentication and Authorization Plugins In a SolrCloud Cluster]. +=== Password Encoding + +Solr stores the passwords in the format: `base64(sha256(sha256(salt+password))) base64(salt)`. + +If you edit `security.json` directly then you need to encode the password yourself. +You can visit https://clemente-biondo.github.io/ to use a simple web utility that does the encoding for you. Review Comment: I think you are right.... sigh! thanks for the feedback. Okay, I think I am leaning towards ref guide. I didn't find a logical place in the website.. I don't want to add it to our admin as I want to see that go away, not expand ;-). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
