Bug #6320
closed
Create a file-base authentication mechanism as the default method
Added by Jing Tao almost 11 years ago.
Updated almost 11 years ago.
Description
The NCEAS LDAP will only provide service to some trusted partners in the future. For those who currently depend on our LDAP and to whom we will not provide service in the future, we need to offer another authentication mechanism in Metacat.
We decided to use file-based authentication as the default one. Administrators are also allowed to configure it to use the LDAP one.
The file is in XML format. Administrators will manually add users and groups. The password must be encrypted by bcrypt or SHA-1.
- Assignee set to Jing Tao
- Target version set to 2.4.0
I did a little bit of research comparing bcrypt and SHA-1. People say bcrypt is a better hash algorithm.
There is a Java library, jBCrypt, in the Maven repository and we can use it.
The only concern is that the library uses the hash code itself as the salt and the BLOWFISH_NUM_ROUNDS is 16, so we have to use the same code to generate the secure hash. In other words, I am not sure whether a hash generated by another program will work or not.
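The stored-hash format behind the interoperability question above, as an added example that is not part of the original issue or Metacat's code: a bcrypt string carries its own version, cost and salt, so a hash entered by hand into the auth file can be checked structurally before anyone tries to log in with it. The user names, sample values and the `min_cost` policy are constructed assumptions.

```python
import base64
import re
from typing import NamedTuple

# bcrypt has its own base64 alphabet; map it to the standard one to decode.
_BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_B64, _STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


class BcryptFields(NamedTuple):
    version: str
    cost: int        # log2 of the key-expansion iteration count
    salt: bytes      # 16 raw bytes
    digest_b64: str


def parse_bcrypt(stored: str) -> BcryptFields:
    """Split a stored bcrypt string into its fields, or raise ValueError."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    version, cost_txt, salt_b64, digest_b64 = m.groups()
    cost = int(cost_txt)
    if not 4 <= cost <= 31:          # range the bcrypt format allows
        raise ValueError(f"cost {cost} outside 4..31")
    salt = base64.b64decode(salt_b64.translate(_TO_STD) + "==")
    return BcryptFields(version, cost, salt, digest_b64)


def audit_entries(entries: dict, min_cost: int) -> dict:
    """Return {user: problem} for entries that are malformed or too cheap."""
    problems = {}
    for user, stored in entries.items():
        try:
            fields = parse_bcrypt(stored)
        except ValueError as exc:
            problems[user] = str(exc)
            continue
        if fields.cost < min_cost:   # min_cost is a hypothetical local policy
            problems[user] = f"cost {fields.cost} below policy {min_cost}"
    return problems


# Constructed sample values in bcrypt's layout; not taken from any real file.
SAMPLE = "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."
ENTRIES = {"alice": SAMPLE, "bob": SAMPLE[:-5], "carol": "a" * 40}
```
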
- Status changed from New to In Progress
I'm testing this and having a little problem with the utility class that takes the password and writes it to the auth file. It's probably something that I am doing wrong, but we might be able to make it easier for our users still.
Once I got the correct hash in the file, login worked as expected.
- Subject changed from Create a filed-base authentication mechanism as the default authenction to Create a file-base authentication mechanism as the default method
- Status changed from In Progress to Closed
Made AuthFile the default in metacat.properties.