Preface
By default, the SkyFormation webapp authenticates users against clear-text passwords.
This guide shows how to replace the default clear-text password mechanism with a more secure mechanism based on hashed passwords.
Steps
1. Locate client-shiro.ini file and back it up
- ssh to your SkyFormation instance
- Switch to sudo user:
sudo su -
- Run command:
cd $(docker inspect sk4_conf -f '{{.Mountpoint}}')/shiro
- Copy client-shiro.ini for backup:
cp client-shiro.ini client-shiro.ini.bak
2. Edit the client-shiro.ini
Using your preferred editor, add the following lines under the [main] section:
# for having hashed creds: https://shiro.apache.org/realm.html#Realm-HashingCredentials
# generate a hex password via this tool: https://shiro.apache.org/command-line-hasher.html
# and this command: java -jar shiro-tools-hasher-1.4.0-RC2-cli.jar -i 1024 -f hex -ngs -p
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.hashSalted = false
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 1024
iniRealm.credentialsMatcher = $credentialsMatcher
3. Replace the users' clear-text passwords with their hashed values
Under the [users] section of the client-shiro.ini file, replace each user's password
with its corresponding hashed value, generated as described in the guide:
How-to: Generate hashed password for the SkyFormation webapp
4. Restart your SkyFormation service
systemctl restart sk4compose
DONE
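To check the result of steps 2 and 3 before relying on it, the following added example (not SkyFormation or Shiro code) recomputes the value the matcher above expects and lists [users] entries that are still in clear text. It assumes Shiro's iterated-hash scheme for these settings: hash the UTF-8 password once, then re-hash the raw digest until 1024 rounds are reached; the function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import re

def shiro_sha256_hex(password: str, iterations: int = 1024) -> str:
    """Unsalted, iterated SHA-256, hex encoded (matches hashSalted = false,
    hashIterations = 1024, storedCredentialsHexEncoded = true)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    for _ in range(iterations - 1):  # first round already done above
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

def password_matches(password: str, stored_hex: str, iterations: int = 1024) -> bool:
    """Constant-time comparison of a candidate password with a stored value."""
    return hmac.compare_digest(shiro_sha256_hex(password, iterations), stored_hex.lower())

HEX_SHA256 = re.compile(r"[0-9a-fA-F]{64}")

def unhashed_users(ini_text: str) -> list:
    """Return user names in [users] whose credential is not 64 hex characters.
    Format assumed: 'username = credential, role1, role2'."""
    flagged, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section == "users" and "=" in line:
            user, value = line.split("=", 1)
            credential = value.split(",", 1)[0].strip()
            if not HEX_SHA256.fullmatch(credential):
                flagged.append(user.strip())
    return flagged

# Constructed sample: alice is migrated, bob still has a clear-text password.
SAMPLE_INI = f"""[main]
credentialsMatcher.hashIterations = 1024
[users]
alice = {shiro_sha256_hex("constructed-example-pw")}, admin
bob = hunter2, viewer
"""

if __name__ == "__main__":
    print("still clear-text:", unhashed_users(SAMPLE_INI))
```

Because the configuration is unsalted, two users with the same password get the same stored value, so treat client-shiro.ini and its .bak copy (which still holds the clear-text passwords) as sensitive files.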