> Still curious as to why one can enter a plain text value for the admin
> directly into the database. Does CloudStack look for the "password" value
> explicitly or would any value do?

It will loop through all authenticators until a valid response is found. Personally, I think this is bad. It's been discussed on the dev list a few times.

To expand by example (doesn't necessarily occur in this order):
- User inserts "example123" as their password.
- Password is SHA1ed and checked against DB - Fails
- Password is MD5ed and checked against the DB - Fails
- Password is used in an attempt to bind against LDAP - Fails
- Password is sent as raw and checked against the DB - Passes
- User logs in successfully

On 17 September 2013 21:19, Demetrius Tsitrelis <demetrius.tsitre...@citrix.com> wrote:
> The Knowledge Base article on the Citrix site looks like a good reference.
>
> Still curious as to why one can enter a plain text value for the admin
> directly into the database. Does CloudStack look for the "password" value
> explicitly or would any value do?
>
> -----Original Message-----
> From: Ian Duffy [mailto:i...@ianduffy.ie]
> Sent: Tuesday, September 17, 2013 12:28 PM
> To: users@cloudstack.apache.org
> Subject: Re: How to reset admin password of CloudStack WebUI?
>
>> I hope this does not mean that user passwords are stored in plain text in
>> the database table.
>
> They are not. The authenticators support:
> - PlainText
> - SHA1
> - MD5
> - LDAP
>
> I believe SHA1 is the default, but from my experience once one match of any
> of the authenticators is found it will cause a successful login.
>
> More information on resetting the password can be found at:
> http://support.citrix.com/article/CTX133469
>
> On 17 September 2013 19:49, Demetrius Tsitrelis
> <demetrius.tsitre...@citrix.com> wrote:
>> I hope this does not mean that user passwords are stored in plain text in
>> the database table.
>>
>> -----Original Message-----
>> From: Ian Duffy [mailto:i...@ianduffy.ie]
>> Sent: Saturday, September 14, 2013 6:02 AM
>> To: users@cloudstack.apache.org
>> Subject: Re: How to reset admin password of CloudStack WebUI?
>>
>> Hi Diggy,
>>
>> The passwords are stored in the user_view table. With the way the
>> authentication works we can just insert a plain text password for the reset
>> and then change it via the user panel once logged in.
>>
>> Find your user:
>> select username, password from user_view;
>>
>> Set a password of password for that user:
>> update user_view set password = 'password' where username='admin';
>>
>> Log in to CloudStack with admin/password, navigate over to accounts, admin,
>> view users, admin, change password.
>>
>>
>> On 14 September 2013 04:15, Diggy Shuvy <digg...@gmail.com> wrote:
>>
>>> Hello All,
>>>
>>> I got a problem on the login page of CS 4.1.1 web management.
>>> How to reset admin password of CloudStack 4.1.1 web management?
>>>
>>> Thanks a lot.
>>> Diggy
>>>
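
The fall-through described in this thread, as an added example that is not part of the original messages and is not CloudStack's code: a simplified Python model of an authenticator chain next to a single pinned scheme, plus an audit that flags stored values not in SHA1-hex form. All function names and sample rows are constructed for illustration, and the LDAP step is omitted so the block runs offline.

```python
import hashlib
import hmac
import re

def _eq(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())

def sha1_auth(supplied, stored):
    return _eq(hashlib.sha1(supplied.encode()).hexdigest(), stored)

def md5_auth(supplied, stored):
    return _eq(hashlib.md5(supplied.encode()).hexdigest(), stored)

def plaintext_auth(supplied, stored):
    return _eq(supplied, stored)

# Hypothetical chain; the thread notes the real order is not guaranteed.
CHAIN = [("SHA1", sha1_auth), ("MD5", md5_auth), ("PLAINTEXT", plaintext_auth)]

def chained_login(supplied, stored):
    """Return the name of the first authenticator that accepts, else None."""
    for name, check in CHAIN:
        if check(supplied, stored):
            return name
    return None

def pinned_login(supplied, stored, scheme="SHA1"):
    """Only the one configured scheme is consulted; no fall-through."""
    return dict(CHAIN)[scheme](supplied, stored)

SHA1_HEX = re.compile(r"^[0-9a-f]{40}$")

def audit_rows(rows, expected=SHA1_HEX):
    """Return usernames whose stored value is not in the expected hash format."""
    return [user for user, stored in rows if not expected.match(stored)]

# Constructed sample rows: (username, stored password column value).
ROWS = [
    ("admin", "password"),                                  # plain text row
    ("alice", hashlib.sha1(b"example123").hexdigest()),     # SHA1 hex
    ("bob", hashlib.md5(b"example123").hexdigest()),        # MD5 hex
]

if __name__ == "__main__":
    for user, stored in ROWS:
        guess = "password" if user == "admin" else "example123"
        print(user, "chained:", chained_login(guess, stored),
              "pinned SHA1:", pinned_login(guess, stored))
    print("rows to review:", audit_rows(ROWS))
```

With the chain, the plain text row logs in through the last authenticator; with the scheme pinned to SHA1 it is rejected, and the audit lists it for review.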