Bug #6320
closed
Create a file-base authentication mechanism as the default method
0%
Description
NCEAS' LDAP will only provide service to some trusted partners in the future. For those who currently depend on our LDAP and to whom we will not provide service in the future, we need to offer another authentication mechanism in Metacat.
We decided to use file-based authentication as the default one. Administrators are also allowed to configure it to use the LDAP one.
The file is in XML format. Administrators will manually add users and groups. The password must be encrypted by bcrypt or SHA-1.
Updated by Jing Tao almost 11 years ago
- Assignee set to Jing Tao
- Target version set to 2.4.0
Updated by Jing Tao almost 11 years ago
I did a little bit of research comparing bcrypt and SHA-1. People say bcrypt is a better hash algorithm.
There is a Java library, jBCrypt, in the Maven repository and we can use it.
The only concern is that the library uses the hash code itself as the salt and the BLOWFISH_NUM_ROUNDS is 16, so we have to use the same code to generate the secure hash. In other words, I am not sure whether a hash generated by another program will work or not.
Updated by ben leinfelder almost 11 years ago
- Status changed from New to In Progress
I'm testing this and having a little problem with the utility class that takes the password and writes it to the auth file. It's probably something that I am doing wrong, but we might be able to make it easier for our users still.
Once I got the correct hash in the file, login worked as expected.
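A format check an administrator could run on a value before pasting it into the auth file, as an added example that is not Metacat's code: a bcrypt string in the `$2a$` modular crypt format (the form jBCrypt produces) carries its version, cost and salt in the string itself. The function names, the `min_cost` threshold and the sample values are assumptions constructed for illustration.

```python
import base64
import re

# bcrypt's own base64 alphabet, and the standard alphabet it maps onto.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# $<version>$<2-digit cost>$<22-char salt><31-char digest> = 60 characters
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def parse_bcrypt(stored):
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a 60-character bcrypt string")
    version, cost, salt_b64, digest_b64 = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("cost %d outside bcrypt's 4..31 range" % cost)
    # 22 characters of bcrypt base64 decode to the 16-byte salt.
    salt = base64.b64decode(salt_b64.translate(_TO_STD) + "==")
    return {"version": version, "cost": cost, "salt": salt, "digest": digest_b64}


def check_entry(stored, min_cost=10):
    """Return (ok, reason); min_cost is an assumed policy value, not Metacat's."""
    if re.fullmatch(r"[0-9a-fA-F]{40}", stored):
        return False, "40 hex characters: a SHA-1 digest, not bcrypt"
    try:
        fields = parse_bcrypt(stored)
    except ValueError as exc:
        return False, str(exc)
    if fields["cost"] < min_cost:
        return False, "cost %d is below the minimum of %d" % (fields["cost"], min_cost)
    return True, "bcrypt %s, cost %d" % (fields["version"], fields["cost"])


# Constructed samples: syntactically valid, not hashes of any real password.
SAMPLE_OK = "$2a$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_TRUNCATED = SAMPLE_OK[:-3]  # e.g. a value cut short while copying
SAMPLE_SHA1 = "0123456789abcdef0123456789abcdef01234567"

if __name__ == "__main__":
    for value in (SAMPLE_OK, SAMPLE_TRUNCATED, SAMPLE_SHA1):
        print(check_entry(value))
```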
Updated by ben leinfelder almost 11 years ago
- Subject changed from Create a filed-base authentication mechanism as the default authenction to Create a file-base authentication mechanism as the default method
Updated by Jing Tao almost 11 years ago
Hi, ben: I noticed the issue as well and put it on the bug:
https://projects.nceas.ucsb.edu/nceas/issues/862
I will take a look at it soon.
Updated by ben leinfelder almost 11 years ago
- Status changed from In Progress to Closed
Made AuthFile the default in metacat.properties.