Task #181 (closed)

Opened 14 years ago

Closed 14 years ago

User wants to set password

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: 3.0-M3
Component: Security Version: 3.0-M3
Keywords: story114,iteration1 Cc: cxallan
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

Obviously. The simplest working version of this involves creating a password table with PK, FK to Experimenter, and char(...) with the length of our password hash. (Salt, anyone?) Later versions can get arbitrarily more complex (using a separate user table which maps user names (unix, perhaps) to Experimenter.omeName), etc.

Other tickets will follow for that.

The planned semantics are that a null password implies no password needed (so login occurs even if a String is provided). This way, the root account will be initially accessible until a password is set.

Change History (6)

comment:1 Changed 14 years ago by jmoore

  • Status changed from new to assigned

Which hashing function are we going to use?

comment:2 Changed 14 years ago by jmoore

  • Keywords iteration1 added

Taking this one out first. Plan:

  • Add table creation to data.sql (also sets root password to "ome")
  • Update jboss-login.xml (/app)
  • Implement IAdmin methods to add passwords on user creation
  • Tests:
    • Root bootstrap works
    • Change password for self (root,non-root)
    • Change password for other user (root)
    • Security exception on non-root use of "change password for other"
    • What happens if user created through IUpdate (by root even), no password. Locked account.

Note: The null-password semantics listed above will have to wait. For that, we will have to implement our own JAAS login module.

comment:3 Changed 14 years ago by jmoore

r760 now allows the changing of passwords. Current semantics:

  • Space-only password (' ') is an open account (any password works)
  • Null password or missing password entry: account is locked (see #199)
  • Otherwise, the hash value in the password table is the MD5 hash of the real password.

Initial root password: "ome" (without the quotes)
All other accounts are currently initially locked. Off to work I go...

comment:4 Changed 14 years ago by jmoore

With r761 now functional. Give it a whirl.

comment:5 Changed 14 years ago by jmoore

r769 extends password functionality. Now using IAdmin (#44) for most calls (except in testing, where we use IUpdate where necessary).

All accounts created with IAdmin will automatically have a blank password allowing free access. The root password is currently initialized to "ome" (this will eventually be configurable) and that is set under /etc so that development usage should be transparent.

Note: java omero adduser (#104) also adds a blank password.
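The three-way rule spelled out in comment:3 (space-only entry is open, null or missing entry is locked, anything else is an MD5 hash of the password) and the comment:5 note that IAdmin-created accounts start out with a blank, freely accessible password are easy to get wrong when reimplemented or audited. The following is an added example, not OMERO code and not from this ticket's commits: it models the password table as a plain dict (the column and account names are constructed), applies the stated check, and then reports which accounts are open, which are locked, and which share an identical unsalted hash, which is the property the description's "(Salt, anyone?)" remark is pointing at. Treating an empty string the same as a space-only entry is an assumption here.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed stand-in for the password table described in the ticket:
# key = Experimenter omeName, value = stored char(...) column (None = no entry).
# Column layout beyond "hash" is not given on the page; this shape is assumed.
PasswordTable = Dict[str, Optional[str]]


def md5_hex(password: str) -> str:
    """Unsalted MD5 of the password, as comment:3 says the r760 table stores."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def is_open_entry(stored: str) -> bool:
    """Space-only entry (' ') means an open account. Assumption: an empty
    string ('blank password' in comment:5) is treated the same way."""
    return stored.strip() == ""


def check_login(stored: Optional[str], supplied: str) -> bool:
    """Apply the comment:3 semantics to one login attempt.

    None            -> locked: no supplied string logs in
    space-only      -> open: any supplied string logs in
    anything else   -> MD5(supplied) must equal the stored hash
    """
    if stored is None:
        return False
    if is_open_entry(stored):
        return True
    # Constant-time compare so the check itself does not leak via timing.
    return hmac.compare_digest(md5_hex(supplied), stored)


def audit_accounts(table: PasswordTable) -> Dict[str, List[str]]:
    """Classify every account so an operator can see who is open or locked."""
    report: Dict[str, List[str]] = {"open": [], "locked": [], "hashed": []}
    for name, stored in table.items():
        if stored is None:
            report["locked"].append(name)
        elif is_open_entry(stored):
            report["open"].append(name)
        else:
            report["hashed"].append(name)
    for bucket in report.values():
        bucket.sort()
    return report


def shared_password_hashes(table: PasswordTable) -> Dict[str, List[str]]:
    """Unsalted hashing makes equal passwords produce equal hashes; return
    every hash that more than one account shares."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for name, stored in table.items():
        if stored is not None and not is_open_entry(stored):
            by_hash[stored].append(name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


# Constructed sample table mirroring the states the ticket describes.
SAMPLE_TABLE: PasswordTable = {
    "root": md5_hex("ome"),      # comment:3/5: initial root password "ome"
    "alice": " ",                # comment:5: IAdmin-created account, blank password
    "bob": None,                 # comment:2: created via IUpdate, no entry -> locked
    "carol": md5_hex("secret"),  # constructed
    "dave": md5_hex("secret"),   # constructed: same password, same unsalted hash
}

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_TABLE))
    print(shared_password_hashes(SAMPLE_TABLE))
```

Running the audit against a real table of this shape immediately surfaces the accounts that the comment:5 default leaves open, and the shared-hash report shows why the description asks about salting: with plain MD5, two experimenters who chose the same password are visibly linked in the table.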

comment:6 Changed 14 years ago by jmoore

  • Resolution set to fixed
  • Status changed from assigned to closed

Forgot to mention: this can now be done. Closing.
