Request #163

Hash password in $ONE_AUTH file

Added by Ruben S. Montero about 10 years ago. Updated about 9 years ago.

Status:ClosedStart date:10/21/2009
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:Release 2.0
Pull request:

Description

Password are stored in plain text in the $ONE_AUTH file. This file is protected through the standard UNIX file permission mechanism. However, as proposed by Shi Jin in the mailing list, a hashed password makes it a lot harder for somebody to remember the password with a quick glimpse of the file.

one-sha1.patch Magnifier (4.98 KB) Jeroen Nijhof, 02/17/2010 05:19 PM

Associated revisions

Revision 0b4a4670
Added by Tino Vázquez about 3 years ago

Merge pull request #163 from n40lab/B#4943

B#4943 Fix NETTX and NETRX negative values, polling time and accumulate values

History

#1 Updated by Jeroen Nijhof almost 10 years ago

Why not using the sha1 encrypted string?

The only thing you need then is a user command to generate the sha1 string which can be used in your ONE_AUTH file. Something like 'oneuser gensha1 <password>' the output sha1 string can then be used in your ONE_AUTH file like 'username:<generated sha1 string>'.

#2 Updated by Jeroen Nijhof almost 10 years ago

I wrote a patch which will let you use sha1 encrypted password in the ONE_AUTH file also for ec2 and occi.
I now this isn't a solution but it's far more better then a plain text password.

#3 Updated by Ruben S. Montero almost 10 years ago

  • Tracker changed from Bug to Request

#4 Updated by Ruben S. Montero almost 10 years ago

  • Target version changed from Release 1.4.2 to Release 2.0

#5 Updated by Javi Fontan about 9 years ago

  • Status changed from New to Closed

Using hashed passwords can be done in version 2.0 using the "plain" prefix:

username:plain:hashed_password

Also available in: Atom PDF