I know this is very hacky, but would it be possible to have the unencrypted passwords include some kind of special prefix so that the SecurityManager could identify those and strip it off and/or then perform encryption before validating the password?
So, for example a Pulse or gfsh user would enter his password as ###topsecret (here '###' is a special prefix) and then the SM would be able to check that and do something appropriate. --Jens On Thu, Jan 18, 2018 at 2:22 PM, Sudhir Babu Pothineni < [email protected]> wrote: > Hi Jens, I need to keep the password in a configuration file for > SecurityManager, but company policy won't allow to keep the password in a > plain text, so I need to encrypt the password and put it in the > configuration file. but now I need to decrypt it inside > SecurityManager.authenticate > > Pulse and gfsh will come into same method with normal password. Now my > problem is all components working for normal password and encrypted > password, so there is no point of encryption. I am doing something wrong. I > am just wondering if I know the component inside > SecurityManager.authenticate I can decide to decrypt or encrypt? or is > there any work around for it. > > Thanks > Sudhir > > On Thu, Jan 18, 2018 at 3:36 PM, Jens Deppe <[email protected]> wrote: > >> Hi Sudhir, >> >> At the moment we don't expose that. Can you give an example of how you'd >> want to use it. An underlying question would be under what circumstances >> would you allow different access, to the same entity, from different >> contexts? >> >> --Jens >> >> On Thu, Jan 18, 2018 at 12:47 PM, Sudhir Babu Pothineni < >> [email protected]> wrote: >> >>> How can I get which Component (gfsh, pulse, client, server) >>> inside SecurityManager.authenticate method? >>> >> >> >
