Review Request: Added PlainTextAuthenticator

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11194/ --- Review request for cloudstack and Chip Childers. Summary (updated)

Re: Review Request: Added PlainTextAuthenticator

Hi Kishan! Did you verify that adding the plain text authenticator will not allow login using the hash value itself? from AccountManagerImpl.java; ... getUserAccount ... ... boolean authenticated = false; for(UserAuthenticator authenticator : _userAuthenticators) {

RE: Review Request: Added PlainTextAuthenticator

the client sends plain text instead of hash. ~kishan -Original Message- From: Ove Ewerlid [mailto:ove.ewer...@oracle.com] Sent: Thursday, 16 May 2013 5:33 PM To: dev@cloudstack.apache.org; Kishan Kavala Subject: Re: Review Request: Added PlainTextAuthenticator Hi Kishan! Did you

Re: Review Request: Added PlainTextAuthenticator

? /Ove ~kishan -Original Message- From: Ove Ewerlid [mailto:ove.ewer...@oracle.com] Sent: Thursday, 16 May 2013 5:33 PM To: dev@cloudstack.apache.org; Kishan Kavala Subject: Re: Review Request: Added PlainTextAuthenticator Hi Kishan! Did you verify that adding the plain text

RE: Review Request: Added PlainTextAuthenticator

-Original Message- From: Ove Ewerlid [mailto:ove.ewer...@oracle.com] Sent: Thursday, 16 May 2013 6:25 PM To: dev@cloudstack.apache.org Subject: Re: Review Request: Added PlainTextAuthenticator On 05/16/2013 02:16 PM, Kishan Kavala wrote: Ove, Plain text authenticator

Re: Review Request: Added PlainTextAuthenticator

: Thursday, 16 May 2013 6:25 PM To: dev@cloudstack.apache.org Subject: Re: Review Request: Added PlainTextAuthenticator On 05/16/2013 02:16 PM, Kishan Kavala wrote: Ove, Plain text authenticator will allow logging using the hash value. Or else, clients sending MD5 hash will fail to login

Re: Review Request: Added PlainTextAuthenticator

...@oracle.com] Sent: Thursday, 16 May 2013 6:25 PM To: dev@cloudstack.apache.org Subject: Re: Review Request: Added PlainTextAuthenticator On 05/16/2013 02:16 PM, Kishan Kavala wrote: Ove, Plain text authenticator will allow logging using the hash value. Or else, clients sending MD5

Re: Review Request: Added PlainTextAuthenticator

: -Original Message- From: Ove Ewerlid [mailto:ove.ewer...@oracle.com] Sent: Thursday, 16 May 2013 6:25 PM To: dev@cloudstack.apache.org Subject: Re: Review Request: Added PlainTextAuthenticator On 05/16/2013 02:16 PM, Kishan Kavala wrote: Ove, Plain text authenticator will allow

RE: Review Request: Added PlainTextAuthenticator

Nice explanation Prasanna. +1 to Kishan's fix. -Original Message- From: Prasanna Santhanam [mailto:t...@apache.org] Sent: Thursday, May 16, 2013 9:50 PM To: dev@cloudstack.apache.org Cc: Kishan Kavala Subject: Re: Review Request: Added PlainTextAuthenticator On Thu, May 16, 2013

Re: Review Request: Added PlainTextAuthenticator

On Thu, May 16, 2013 at 09:50:21PM +0530, Prasanna Santhanam wrote: On Thu, May 16, 2013 at 04:03:14PM +0200, Ove Ewerlid wrote: I vote -1 for enabling plain text authentication allowing auth directly against hashes. I'm not clear if this functionality exists in ACS4.0, I would assume not.

Re: Review Request: Added PlainTextAuthenticator

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11194/#review20655 --- Ship it! Ship It! - Chip Childers On May 16, 2013, 10:39 a.m.,

Re: Review Request: Added PlainTextAuthenticator

On 05/16/2013 10:55 PM, Chip Childers wrote: For those moving from 2.2.x, 3.0.x, 4.0 to 4.1: 1. We remove the incorrect auth mechanism and put in the right fix of encoding at the server and not doing any UI magic. 2. We correct the API docs and other docs to indicate the user to send in