Create a file-based authentication mechanism as the default method
NCEAS' LDAP will only provide service to some trusted partners in the future. For those who currently depend on our LDAP and whom we will not serve in the future, we need to offer another authentication mechanism in Metacat.
We decided to use file-based authentication as the default. Administrators are also allowed to configure the LDAP one instead.
The file is in XML format. Administrators will manually add users and groups. The password must be encrypted by bcrypt or SHA-1.
Updated by Jing Tao about 10 years ago
I did a little research comparing bcrypt and SHA-1. People say bcrypt is a better hash algorithm.
There is a Java library, jBCrypt, in the Maven repository that we can use.
The only concern is that the library uses the hash code itself as the salt and BLOWFISH_NUM_ROUNDS is 16, so we would have to use the same code to generate the secure hash. In other words, I am not sure whether a hash generated by another program will work or not.
Updated by ben leinfelder about 10 years ago
- Status changed from New to In Progress
I'm testing this and having a little problem with the utility class that takes the password and writes it to the auth file. It's probably something I am doing wrong, but we might still be able to make it easier for our users.
Once I got the correct hash in the file, login worked as expected.
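To make the file format, the hashing utility and the interoperability question from this thread concrete, here is an added example in Java (Metacat's own language). It is my code, not Metacat's or jBCrypt's. It assumes jBCrypt (org.mindrot:jbcrypt) on the classpath and a hypothetical XML layout (`<user dn="…" password="…"/>` under `<users>`, `<group>`/`<member>` under `<groups>`); the ticket specifies no schema. On the concern raised above: jBCrypt does not use the hash as the salt. `gensalt()` draws a random salt, and `hashpw()` writes the version, cost and salt into the returned string, which is exactly why `checkpw()` can verify a hash produced by any other bcrypt implementation. `BLOWFISH_NUM_ROUNDS = 16` is the fixed Feistel round count of the Blowfish cipher, not the work factor; the work factor is the log-rounds argument to `gensalt()` (jBCrypt's default is 10). The one real interop snag is the version prefix: jBCrypt 0.4 accepts only `$2a$`, while other libraries commonly emit `$2b$` or `$2y$`, so the example rewrites that prefix before checking (verify this against the jBCrypt version you ship).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.mindrot.jbcrypt.BCrypt;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Added example, not Metacat code. Users live in an XML file (layout assumed)
 * with bcrypt hashes produced by jBCrypt (org.mindrot:jbcrypt).
 */
public class FileAuthExample {

    /** Work factor: 2^12 key-setup iterations. jBCrypt's default is 10. */
    static final int LOG_ROUNDS = 12;

    /** A throwaway hash so an unknown user costs the same time as a wrong password. */
    private static final String DUMMY_HASH = BCrypt.hashpw("unused", BCrypt.gensalt(LOG_ROUNDS));

    /** What the admin-side utility runs to produce the value stored in the file.
     *  gensalt() draws a fresh random salt; hashpw() embeds version, cost and salt
     *  in the result, e.g. "$2a$12$" + 22 salt chars + 31 hash chars.
     *  Note that bcrypt only uses the first 72 bytes of the password. */
    static String hashForFile(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));
    }

    /** jBCrypt 0.4 accepts only the "$2a$" version prefix. Hashes made elsewhere
     *  often carry "$2b$" (OpenBSD) or "$2y$" (PHP); for passwords of ordinary
     *  length those variants compute the same digest, so rewriting the prefix
     *  lets jBCrypt verify a hash generated by another program. */
    static String toJBcryptPrefix(String stored) {
        if (stored.startsWith("$2b$") || stored.startsWith("$2y$")) {
            return "$2a$" + stored.substring(4);
        }
        return stored;
    }

    /** Parse the auth file into dn -> stored hash, with DOCTYPE/external entities disabled. */
    static Map<String, String> loadUsers(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> users = new HashMap<>();
        NodeList nodes = doc.getElementsByTagName("user");
        for (int i = 0; i < nodes.getLength(); i++) {
            Element user = (Element) nodes.item(i);
            users.put(user.getAttribute("dn"), user.getAttribute("password"));
        }
        return users;
    }

    /** Login check. Unknown users and malformed stored values fail closed. */
    static boolean authenticate(Map<String, String> users, String dn, String password) {
        String stored = users.get(dn);
        if (stored == null) {
            BCrypt.checkpw(password, DUMMY_HASH); // equalise timing, then refuse
            return false;
        }
        try {
            return BCrypt.checkpw(password, toJBcryptPrefix(stored));
        } catch (IllegalArgumentException malformed) {
            return false; // e.g. a truncated or non-bcrypt value pasted into the file
        }
    }

    public static void main(String[] args) throws Exception {
        String aliceHash = hashForFile("correct horse battery staple");
        // Constructed sample file; in Metacat the administrator edits this by hand.
        String xml = "<auth>"
                + "<users><user dn=\"uid=alice,o=NCEAS\" password=\"" + aliceHash + "\"/></users>"
                + "<groups><group name=\"admins\"><member dn=\"uid=alice,o=NCEAS\"/></group></groups>"
                + "</auth>";
        Map<String, String> users = loadUsers(xml);
        System.out.println("alice/correct: "
                + authenticate(users, "uid=alice,o=NCEAS", "correct horse battery staple"));
        System.out.println("alice/wrong:   " + authenticate(users, "uid=alice,o=NCEAS", "wrong"));
        System.out.println("unknown user:  " + authenticate(users, "uid=mallory,o=NCEAS", "anything"));
    }
}
```

`hashForFile` is the piece the password-writing utility needs: the administrator pastes its output into the `password` attribute, and nothing else about the file has to match the hashing program, because the salt and cost travel inside the hash string itself.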