Versions Compared

Old Version 6

changes.mady.by.user Damodar Reddy T

Saved on

compared with

New Version Current

changes.mady.by.user Damodar Reddy T

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

it is the plugins responsibility to declare the bean that is implementing the above interface with in that plugin. Please refer   (1) to know how to add a new plugin to cloudstack

...

Currently The integration points are at plugins those implement UserAuthenticator wile encoding a given password.

  1. plugins/user-authenticators/sha256salted
  2. plugins/user-authenticators/plaintext
  3. plugins/user-authenticators/md5

...

<bean id="SHA256SaltedUserAuthenticator" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator">
      <property name="name" value="SHA256SALT"/>
      <property name="passwordCheckers" value="#{passwordCheckersRegistry.registered}"/>
</bean>

Default Plugin

cloudstack gives the following default plugin to support password checker which gets registered with Extension Registry.

plugins/security/password-checker.

It has the following bean declaration in spring-password-checker.xml

<bean id="passwordChecker" class="org.apache.cloudstack.security.password.PasswordCheckerImpl">
         <property name="name" value="DEFAULTPASSWORDCHECKER"/>
        <!-- Comment any of the below sections you want modify if you are having requirements which are differing with default values -->
        <!-- property name="minLength" value="8"/ -->
        <!-- property name="maxLength" value="16"/ -->
        <!-- property name="passwordCheckerPropertiesFile" value="password-checker.properties"/ -->
</bean>

It has the following property file to change the password strength rules.

  1. password-checker.properties
    The following is the format of the file where each rule will be added in a separate line.
    pattern,optional
    pattern - Pattern to support in the password character set. Eg: @!#$%
    optional - Whether this password rule set is optional or not while enforcing the password strength 

The password strength is calculated based on the following algorithm:

  1. Password Entropy = (log (N) * L ) / log (2)
    where L is the Length of the password
     and N is the total Length of the all character sets to be involved. 

References

 (1 )  http://ianduffy.ie/cloudstack/CreatingAPlugin.pdf