Allow more than one auth_type
Bug #1516980 reported by
Ondřej Nový
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Swift Authentication |
Fix Released
|
Undecided
|
Prashanth Pai | ||
Bug Description
For encoding and __matching__ of password are config option "auth_type" used now.
Use this option only for encoding and choose correct auth class by hash prefix ":" (plaintext, sha1, sha512).
This allows to have more than one authtype in "DB" and config option will be used for encoding new passwords. This allow encoding algo migration.
| Changed in swauth: | |
| assignee: | nobody → Prashanth Pai (ppai) |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to swauth (master) | #1 |
| Changed in swauth: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit e40938cbb426e8e
Author: Prashanth Pai <email address hidden>
Date: Fri Feb 26 18:37:34 2016 +0530
Fix changing of auth_type in existing deployments
Problem:
If an existing swauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.
Fix:
With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows swauth deployments
to change auth_type and old users will still be able to authorize.
Closes-Bug: 1516980
Change-Id: I8a5c397d079606
Signed-off-by: Prashanth Pai <email address hidden>