[JOC-328] shiro.ini - already hashed passwords are not considered when automatic hashing through Account Manager functionality occurs - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Dismissed (View Workflow)
Priority: Major
Resolution: Works as designed
Affects Version/s: 1.11.5
Fix Version/s: 1.11.5
Component/s: None
Labels:
None

Description

Current Situation
A password hash was generated with the CLI \shiro-tools-hasher\1.3.2> java -jar shiro-tools-hasher-1.3.2-cli.jar --algorithm SHA-512 -p as described in ~~JOC-270~~.
Only one user got this password hash, all other users still had the clear text password.
Using Manage Accounts in JOC to update a current user results in all passwords for all users in shiro.ini were hashed afterwards.
The User with the already existing password hash cannot login anymore, because the already existing hash was presumed a password and hashed again.

Desired Behavior
When an Administrator creates a password hash with the CLI tool from shiro for one user, the automatic password hashing of the Manage Account function in JOC is not allowed to rehash the already exisitng password hash. It should recognize, that the already existing password hash is a hash and not a clear text password.

Attachments

Issue Links

is related to

JOC-327 Adding or modifying a user account when password hashing and LDAP & INI realms are active corrupts all passwords

Released

JOC-270 JOC should support hashed passwords in shiro.ini

Released

Activity

People

Assignee:: Uwe Risse

Reporter:: Santiago Aucejo Petzoldt

Approver:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27 October 2017 11:08

Updated:: 30 October 2017 12:37

Resolved:: 30 October 2017 12:37