Allow more than one auth_type
Bug #1516980 reported by
Ondřej Nový
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Swift Authentication |
Fix Released
|
Undecided
|
Prashanth Pai |
Bug Description
For encoding and __matching__ of password are config option "auth_type" used now.
Use this option only for encoding and choose correct auth class by hash prefix ":" (plaintext, sha1, sha512).
This allows to have more than one authtype in "DB" and config option will be used for encoding new passwords. This allow encoding algo migration.
Changed in swauth: | |
assignee: | nobody → Prashanth Pai (ppai) |
status: | New → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/285292 /git.openstack. org/cgit/ openstack/ swauth/ commit/ ?id=e40938cbb42 6e8e0ddf8d60d3a 38c72c2d51ea6d
Committed: https:/
Submitter: Jenkins
Branch: master
commit e40938cbb426e8e 0ddf8d60d3a38c7 2c2d51ea6d
Author: Prashanth Pai <email address hidden>
Date: Fri Feb 26 18:37:34 2016 +0530
Fix changing of auth_type in existing deployments
Problem:
If an existing swauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.
Fix:
With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows swauth deployments
to change auth_type and old users will still be able to authorize.
Closes-Bug: 1516980 2f4109c59b6dc61 b14d4a97e4b
Change-Id: I8a5c397d079606
Signed-off-by: Prashanth Pai <email address hidden>