Task #181 (closed)
Opened 18 years ago
Closed 18 years ago
User wants to set password
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | 3.0-M3 |
Component: | Security | Version: | 3.0-M3 |
Keywords: | story114,iteration1 | Cc: | cxallan |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
Obviously. The simplest working version of this involves creating a password table with PK, FK to Experimenter, and char(...) with the length of our password hash. (Salt, anyone?). Later versions can get arbitrarily more complex (using a separate user table which maps user names (unix, perhaps) to Experimenter.omeName). Etc.
Other tickets will follow for that.
The planned semantics are that a null password implies no password needed (so login occurs even if a String is provided). This way, the root account will be initially accessible until a password is set.
Change History (6)
comment:1 Changed 18 years ago by jmoore
- Status changed from new to assigned
comment:2 Changed 18 years ago by jmoore
- Keywords iteration1 added
Taking this one out first. Plan:
- Add table creation to data.sql (also sets root password to "ome")
- Update jboss-login.xml (/app)
- Implement IAdmin methods to add passwords on user creation
- Tests:
  - Root bootstrap works
  - Change password for self (root,non-root)
  - Change password for other user (root)
  - Security exception on non-root use of "change password for other"
  - What happens if user created through IUpdate (by root even), no password. Locked account.
Note: The null-password semantics listed above will have to wait. For that, we will have to implement our own JAAS login module.
comment:3 Changed 18 years ago by jmoore
r760 now allows the changing of passwords. Current semantics:
- Space-only password (' ') is an open account (any password works)
- Null password or missing password entry; account is locked (see #199)
- Otherwise, the hash value in the password table is the MD5 hash of the real password.
Initial root password: "ome" (without the quotes)
All other accounts are currently initially locked. Off to work I go...
comment:4 Changed 18 years ago by jmoore
With r761 now functional. Give it a whirl.
comment:5 Changed 18 years ago by jmoore
r769 extends password functionality. Now using IAdmin (#44) for most calls (except in testing where we use IUpdate where necessary).
All accounts created with IAdmin will automatically have a blank password allowing free access. The root password is currently initialized to "ome" (this will eventually be configurable) and that is set under /etc so that development usage should be transparent.
Note: java omero adduser (#104) also adds a blank password.
comment:6 Changed 18 years ago by jmoore
- Resolution set to fixed
- Status changed from assigned to closed
Forgot to mention: this can now be done. Closing.
Which hashing function are we going to use?
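
The login semantics listed in comment:3, next to a salted variant that takes up the "Salt, anyone?" question from the description, as an added example that is not code from this ticket or from the project. The hex digest encoding, the `pbkdf2_sha256$...` record format, the iteration count and all function names are assumptions of the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this example


def md5_hex(password: str) -> str:
    # Assumption: the ticket does not say how the digest is encoded; hex is used here.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def check_ticket_semantics(stored, supplied: str) -> bool:
    """Login check as described in comment:3 (stored = password-table value or None)."""
    if stored is None:   # null or missing entry: account is locked
        return False
    if stored == " ":    # space-only entry: open account, any password works
        return True
    # Unsalted MD5: equal passwords give equal rows, and guesses are cheap to test.
    return hmac.compare_digest(stored.encode(), md5_hex(supplied).encode())


def make_record(password: str) -> str:
    """Hardened row: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def check_hardened(stored, supplied: str) -> bool:
    """No open-account sentinel: anything but a well-formed record is locked."""
    if not stored:
        return False
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", supplied.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        return False


if __name__ == "__main__":
    root = md5_hex("ome")  # constructed sample row for the ticket's initial root password
    print(check_ticket_semantics(root, "ome"), check_ticket_semantics(" ", "anything"))
    print(check_hardened(make_record("ome"), "ome"), check_hardened(" ", "anything"))
```

In the hardened check a blank or malformed row fails closed, so an account created without a password is locked rather than open.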