java - pam sharing hash -

-

i looking @ way pam modules designed guidelines own jaas loginmodule. 1 thing surprised me that, although method used access hashed password orthogonal hash method itself, not able find pam modules make use of property. because of security issue overlooked, or not explored yet?

to explain little bit more mean, let's have have 3 different methods access hashed password (ldap, sql, plain files) , 2 hash methods (md5, sha1). there is 1 or more pam modules each access method, each 1 implementing 1 or more of these hash methods. adding new hash method (say bcrypt) means these access method needs modified support new hash type. better design have 1 pam module each access method retrieves hashed password using user name, have separate set of pam modules hash verification, hashed value shared between modules (like password is). if use database store password, , use md5 verify password, configuration this:

password  required  pam_sql.so password  required  pam_md5.so

in configuration pam_sql retrieves hashed password database (or fails if username not exist). pam_md5 compares hashed password password test , fails if not match. in different configuration using bcrypt, have replace pam_md5 pam_bcrypt, without having wait developers of pam_sql update new hash method.

pam doesn't have knowledge of password hashing or methods of comparing passwords (whether hashed or not). pam provides facilities modules have "conversation" user, i.e. ask them questions , answers them. usual questions are, of course, "what's username?" , "what's password?", need not be. for pam cares, module ask user 5 questions or none before deciding outcome of authentication process.

what asking abstraction @ lower layer pam provides common services subset of pam modules deal hashed passwords.

what's question? want implement such abstraction , promote standard?


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more