Comment: Migrated to Confluence 5.3

...

It is the plugin's responsibility to declare the bean that implements the above interface within that plugin. Refer to (1) for how to add a new plugin to CloudStack.

Integration Points

Currently, the integration points are in the plugins that implement UserAuthenticator, at the point where they encode a given password.

  1. plugins/user-authenticators/sha256salted
  2. plugins/user-authenticators/plaintext
  3. plugins/user-authenticators/md5

...

<bean id="SHA256SaltedUserAuthenticator" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator">
      <property name="name" value="SHA256SALT"/>
      <property name="passwordCheckers" value="#{passwordCheckersRegistry.registered}"/>
</bean>

Default Plugin

CloudStack provides the following default plugin to support password checking, which gets registered with the Extension Registry.

plugins/security/password-checker.

It has the following bean declaration in spring-password-checker.xml

<bean id="passwordChecker" class="org.apache.cloudstack.security.password.PasswordCheckerImpl">
      <property name="name" value="DEFAULTPASSWORDCHECKER"/>
      <!-- Uncomment and edit any of the properties below if your requirements differ from the default values -->
      <!-- property name="minLength" value="8"/ -->
      <!-- property name="maxLength" value="16"/ -->
      <!-- property name="passwordCheckerPropertiesFile" value="password-checker.properties"/ -->
</bean>

The password strength rules are changed through the following properties file.

  1. password-checker.properties
    The file has the following format, with each rule on a separate line:
    pattern,optional
    pattern - Pattern to support in the password character set, e.g. @!#$%
    optional - Whether this password rule set is optional when enforcing the password strength

The password strength is calculated with the following algorithm:

  1. Password Entropy = (log(N) * L) / log(2)
    where L is the length of the password
    and N is the total length of all the character sets involved.
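The rule-file format and entropy formula above, worked through as an added example (this is not CloudStack's PasswordCheckerImpl). It assumes each pattern is a literal list of characters, that the optional field is written true or false, and that N is the combined size of all configured character sets; the class and method names are hypothetical, and 8 and 16 are the default minLength and maxLength from the bean declaration.

```java
import java.util.*;

// Added illustration of the page's rule format and entropy formula; names are hypothetical.
public class PasswordEntropyExample {
    // One line of password-checker.properties: pattern,optional
    record Rule(String charset, boolean optional) {}

    // Split on the LAST comma so that a pattern may itself contain ','.
    static Rule parseRule(String line) {
        int i = line.lastIndexOf(',');
        if (i <= 0) throw new IllegalArgumentException("expected pattern,optional: " + line);
        return new Rule(line.substring(0, i), Boolean.parseBoolean(line.substring(i + 1).trim()));
    }

    // Entropy = (log(N) * L) / log(2); N is assumed to be the combined size of all rule sets.
    static double entropyBits(String password, List<Rule> rules) {
        Set<Integer> pool = new HashSet<>();
        for (Rule r : rules) r.charset().chars().forEach(c -> pool.add(c));
        if (pool.isEmpty()) throw new IllegalArgumentException("no character sets configured");
        return Math.log(pool.size()) * password.length() / Math.log(2);
    }

    // Length bounds plus every non-optional rule: at least one character from its set.
    static List<String> check(String password, List<Rule> rules, int minLen, int maxLen) {
        List<String> problems = new ArrayList<>();
        if (password.length() < minLen || password.length() > maxLen)
            problems.add("length must be between " + minLen + " and " + maxLen);
        for (Rule r : rules)
            if (!r.optional() && password.chars().noneMatch(c -> r.charset().indexOf(c) >= 0))
                problems.add("no character from required set " + r.charset());
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample rule lines, not taken from a real password-checker.properties.
        List<Rule> rules = new ArrayList<>();
        for (String line : List.of("abcdefghijklmnopqrstuvwxyz,false",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ,false", "0123456789,false", "@!#$%,true"))
            rules.add(parseRule(line));
        for (String pw : List.of("Tr0ub4dor", "correcthorse", "aB3@"))
            System.out.printf("%-13s entropy=%.1f bits problems=%s%n",
                    pw, entropyBits(pw, rules), check(pw, rules, 8, 16));
    }
}
```

The formula treats every character as drawn uniformly at random from the N-character pool, so the result is an upper bound; a dictionary word of the same length scores identically to a random string.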

References

 (1)  http://ianduffy.ie/cloudstack/CreatingAPlugin.pdf