Project

General

Profile

Bug #6320

Create a file-base authentication mechanism as the default method

Added by Jing Tao over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
12/19/2013
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

The NCEAS' LDAP will only provide service for some trusted partners in future. For those who currently depend on our ldap and we will not provide service in future, we need offer another authentication mechanism in metacat.

We decided to use file-based authentication as the default one. Administrators are also allowed to configure to use ldap one.

The file is in xml format. Administrator will manually to add users and groups. The password must be encrypted by bcrypt or sha1.

History

#1 Updated by Jing Tao over 5 years ago

  • Target version set to 2.4.0
  • Assignee set to Jing Tao

#2 Updated by Jing Tao over 5 years ago

I did a little bit research on comparing bcrypt and sha1. People say bcrypt is a better hash algorithm.

There is a java library JBcrypt on the maven repository and we can use it.

The only concern is that the library uses the hash code itself as the salt and the BLOWFISH_NUM_ROUNDS is 16, so if we have to use the same code to generate the secure hash. In other word, i am not sure that the hash generated by another program will work or not.

#3 Updated by ben leinfelder over 5 years ago

  • Status changed from New to In Progress

I'm testing this and having a little problem with the utility class that takes the password and writes it to the auth file. It's probably something that I am doing wrong, but we might be able to make it easier for our users still.
Once I got the correct hash in the file, login worked as expected.

#4 Updated by ben leinfelder over 5 years ago

  • Subject changed from Create a filed-base authentication mechanism as the default authenction to Create a file-base authentication mechanism as the default method

#5 Updated by Jing Tao over 5 years ago

Hi, ben: I noticed the issue as well and put it on the bug:

https://projects.nceas.ucsb.edu/nceas/issues/862

I will take a look at it soon.

#6 Updated by ben leinfelder over 5 years ago

  • Status changed from In Progress to Closed

Made AuthFile the default in metacat.properties.

Also available in: Atom PDF