diff options
author | Prashanth Pai <ppai@redhat.com> | 2016-03-09 14:20:28 +0530 |
---|---|---|
committer | Thiago da Silva <thiago@redhat.com> | 2016-03-18 12:43:08 -0700 |
commit | 539d20e3b13096cfa9107fc2b619943c494c4ab3 (patch) | |
tree | 9bc71575e0867cc4a60fbd2146bd777f708dc1b5 /gluster/swift/common/utils.py | |
parent | d57adf802d7c3887f14abc65a582a69dfa25f6f1 (diff) |
Fix changing of auth_type in existing deployments
This changes does two things:
* Adds Sha512 as a supported auth_type.
* Fixes breakage when auth_type is changed in existing deployments.
If an existing gswauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.
With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows gswauth deployments
to change auth_type and old users will still be able to authorize.
A note on auth_type_salt:
There's still a distinction between how salt is managed in gswauth and
swauth: swauth will use a random salt if a salt is not set in conf file
where as gswauth will default to 'gswauthsalt' if a salt is not set in
conf file. This distinction is to ensure backward compatibility.
This change is derived from following upstream changes in swauth repo:
e14a7b3df86969d478090b314d9660b6d835afa7
https://review.openstack.org/#/c/285195/
https://review.openstack.org/#/c/285292/
Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13654
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'gluster/swift/common/utils.py')
0 files changed, 0 insertions, 0 deletions