CLOUDSTACK-1815

radhikap 2013-07-11 10:25:40 +05:30
parent 873e4e0e58
commit f56d9d7c63

@ -0,0 +1,54 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="password-storage-engine">
<title>Changing the Default Password Encryption</title>
<para>&PRODUCT; allows you to determine the default encoding and authentication mechanism for
admin and user logins. Plain text user authenticator has been changed to do a simple string
comparison between retrieved and supplied login passwords instead of comparing the retrieved md5
hash of the stored password against the supplied md5 hash of the password because clients no
longer hash the password. The following method determines what encoding scheme is used to encode
the password supplied during user creation or modification.</para>
<para>When a new user is created, the user password is encoded by using the first valid encoder
loaded as per the sequence specified in the <code>UserPasswordEncoders</code> property in the
<filename>ComponentContext.xml</filename> or <filename>nonossComponentContext.xml</filename>
files. The order of authentication schemes is determined by the <code>UserAuthenticators</code>
property in the same files. The administrator can change the ordering of both these properties
as preferred. When a new authenticator or encoder is added, you can add them to this list. While
doing so, ensure that the new authenticator or encoder is specified as a bean in both these
files if they are required for both oss and non-oss components. The two properties are listed
below:</para>
<programlisting>&lt;property name="UserAuthenticators"&gt;
&lt;list&gt;
&lt;ref bean="SHA256SaltedUserAuthenticator"/&gt;
&lt;ref bean="MD5UserAuthenticator"/&gt;
&lt;ref bean="LDAPUserAuthenticator"/&gt;
&lt;ref bean="PlainTextUserAuthenticator"/&gt;
&lt;/list&gt;
&lt;/property&gt;
&lt;property name="UserPasswordEncoders"&gt;
&lt;list&gt;
&lt;ref bean="SHA256SaltedUserAuthenticator"/&gt;
&lt;ref bean="MD5UserAuthenticator"/&gt;
&lt;ref bean="LDAPUserAuthenticator"/&gt;
&lt;ref bean="PlainTextUserAuthenticator"/&gt;
&lt;/list&gt;</programlisting>
</section>
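
Review bot: The programlisting ends the UserPasswordEncoders block at `&lt;/list&gt;` without a closing `&lt;/property&gt;`, so an administrator who copies the sample into ComponentContext.xml or nonossComponentContext.xml gets malformed XML; add the missing `&lt;/property&gt;` line before `</programlisting>`. The second paragraph says a new user's password is encoded with the first valid encoder in the list, but the text never states what follows from that: moving MD5UserAuthenticator or PlainTextUserAuthenticator ahead of SHA256SaltedUserAuthenticator means newly set passwords are stored as unsalted MD5 or as clear text. A sentence recommending that SHA256SaltedUserAuthenticator stay first in UserPasswordEncoders would make the security impact of reordering explicit. The first paragraph would also read better split in two: the sentence about the plain text authenticator now doing a string comparison is a single long run-on, and "The following method" has no clear referent until the next paragraph.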