mirror of https://github.com/apache/cloudstack.git
55 lines
3.1 KiB
XML
55 lines
3.1 KiB
XML
<?xml version='1.0' encoding='utf-8' ?>
|
|
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
|
|
%BOOK_ENTITIES;
|
|
]>
|
|
|
|
<!-- Licensed to the Apache Software Foundation (ASF) under one
|
|
or more contributor license agreements. See the NOTICE file
|
|
distributed with this work for additional information
|
|
regarding copyright ownership. The ASF licenses this file
|
|
to you under the Apache License, Version 2.0 (the
|
|
"License"); you may not use this file except in compliance
|
|
with the License. You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing,
|
|
software distributed under the License is distributed on an
|
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
KIND, either express or implied. See the License for the
|
|
specific language governing permissions and limitations
|
|
under the License.
|
|
-->
|
|
<section id="password-storage-engine">
|
|
<title>Changing the Default Password Encryption</title>
|
|
<para>&PRODUCT; allows you to determine the default encoding and authentication mechanism for
|
|
admin and user logins. Plain text user authenticator has been changed to do a simple string
|
|
comparison between retrieved and supplied login passwords instead of comparing the retrieved md5
|
|
hash of the stored password against the supplied md5 hash of the password because clients no
|
|
longer hash the password. The following method determines what encoding scheme is used to encode
|
|
the password supplied during user creation or modification.</para>
|
|
<para>When a new user is created, the user password is encoded by using the first valid encoder
|
|
loaded as per the sequence specified in the <code>UserPasswordEncoders</code> property in the
|
|
<filename>ComponentContext.xml</filename> or <filename>nonossComponentContext.xml</filename>
|
|
files. The order of authentication schemes is determined by the <code>UserAuthenticators</code>
|
|
property in the same files. The administrator can change the ordering of both these properties
|
|
as preferred. When a new authenticator or encoder is added, you can add them to this list. While
|
|
doing so, ensure that the new authenticator or encoder is specified as a bean in both these
|
|
files if they are required for both oss and non-oss components. The two properties are listed
|
|
below:</para>
|
|
<programlisting><property name="UserAuthenticators">
|
|
<list>
|
|
<ref bean="SHA256SaltedUserAuthenticator"/>
|
|
<ref bean="MD5UserAuthenticator"/>
|
|
<ref bean="LDAPUserAuthenticator"/>
|
|
<ref bean="PlainTextUserAuthenticator"/>
|
|
</list>
|
|
</property>
|
|
<property name="UserPasswordEncoders">
|
|
<list>
|
|
<ref bean="SHA256SaltedUserAuthenticator"/>
|
|
<ref bean="MD5UserAuthenticator"/>
|
|
<ref bean="LDAPUserAuthenticator"/>
|
|
<ref bean="PlainTextUserAuthenticator"/>
|
|
</list></programlisting>
|
|
</section>
|