Salt and hash karaf CLI user passwords

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Salt and hash karaf CLI user passwords

Steubert Ebenezer
Hi,

 

We need to salt and hash the karaf CLI user passwords.

 

We installed jasypt (feature:install jasypt) on opendaylight controller and
modified [karf.dir]/etc/org.apache.karaf.jaas.cfg as below.

encryption.name = jasypt

encryption.saltSizeBytes = 16

Now we created two new karaf CLI users with the same password.

opendaylight-user@root>jaas:user-add steubert karaf

opendaylight-user@root>jaas:user-add kathir karaf

opendaylight-user@root>jaas:update

Now if we check [karf.dir]/etc/users.properties file we see the encrypted
passwords are different

steubert =
{CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}

kathir =
{CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}

 

We have below questions on this.

* How can we ensure if salting is happening here
* Where are the salts stored
* How does the login module authenticate the users if the salts are
not stored in any of the files

 

Thanks,

Steubert.

M: +91 9620610073

 

Reply | Threaded
Open this post in threaded view
|

Re: Salt and hash karaf CLI user passwords

fpapon
Hi,

Which version of Karaf are you using ?

François Papon
[hidden email]
Open3m - https://www.open3m.io

Le 11/06/2018 à 11:27, Steubert Ebenezer a écrit :

> Hi,
>
>  
>
> We need to salt and hash the karaf CLI user passwords.
>
>  
>
> We installed jasypt (feature:install jasypt) on opendaylight controller and
> modified [karf.dir]/etc/org.apache.karaf.jaas.cfg as below.
>
> encryption.name = jasypt
>
> encryption.saltSizeBytes = 16
>
> Now we created two new karaf CLI users with the same password.
>
> opendaylight-user@root>jaas:user-add steubert karaf
>
> opendaylight-user@root>jaas:user-add kathir karaf
>
> opendaylight-user@root>jaas:update
>
> Now if we check [karf.dir]/etc/users.properties file we see the encrypted
> passwords are different
>
> steubert =
> {CRYPT}PH/RiJ/ZH2ss0TyKt/zY0qlrnYSHfCUsg4K3SODMfeQGDUD0fa944UKpJtQqxHyxf/8O6
> 6+Pyspk6SckxJswEza+sW+cIZ7U{CRYPT}
>
> kathir =
> {CRYPT}jqR3DDw6+RRuAbImxj46w4uunR3gLTENWi1JGzhcVr+ka1S9Tq1qFafGR/FyIc9FQGhGF
> 7NyyGkqPf/gJKff45zbqvAEYaJZ{CRYPT}
>
>  
>
> We have below questions on this.
>
> * How can we ensure if salting is happening here
> * Where are the salts stored
> * How does the login module authenticate the users if the salts are
> not stored in any of the files
>
>  
>
> Thanks,
>
> Steubert.
>
> M: +91 9620610073
>
>  
>
>

François Papon
fpapon@apache.org
Yupiik - https://www.yupiik.com