Preface

SkyFormation webapp uses by default an authentication mechanism based on clear-text passwords. 

This guide will show you how to replace the default clear-text password based mechanism with a more secure hashed passwords based mechanism.

Steps

1. Locate client-shiro.ini file and back it up

• ssh to your SkyFormation instance

• Switch to sudo user: sudo su -

• Run command cd $(docker inspect sk4_conf -f '{{.Mountpoint}}')/shiro

• Copy client-shiro.ini for backup: cp client-shiro.ini client-shiro.ini.bak

2. Edit the client-shiro.ini

     Using your preferred editor, add the following lines under the [main] section:

# for having hashed creds: https://shiro.apache.org/realm.html#Realm-HashingCredentials

# generate a hax password via this tool: https://shiro.apache.org/command-line-hasher.html

# and this command: java -jar shiro-tools-hasher-1.4.0-RC2-cli.jar -i 1024 -f hex -ngs -p

credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher

credentialsMatcher.hashAlgorithmName = SHA-256

credentialsMatcher.hashSalted = false

credentialsMatcher.storedCredentialsHexEncoded = true

credentialsMatcher.hashIterations = 1024

iniRealm.credentialsMatcher = $credentialsMatcher

3. Replace the users' clear-text passwords with their hashed values

     Under the [users] section in the client-shiro.ini file replace each user's password
     with its correlated hashed password value by generating it as guide at:
     How-to: Generate hashed password for the SkyFormation webapp

4. Restart your SkyFormation service    

 DONE