UI dashboard authenticator based on configuration file.
It has three categories of users: admins, users, and guests.
admins have unlimited permission, like shutdown a cluster, add/remove machines.
users have limited permission to submit an application and etc..
guests can not submit/kill applications, but can view the application status.
see conf/gear.conf section gearpump.ui-security.config-file-based-authenticator to find information
about how to configure this authenticator.
[Security consideration]
It will keep one-way sha1 digest of password instead of password itself. The original password is NOT
kept in any way, so generally it is safe.
digesting flow (from original password to digest):
random salt byte array of length 8 -> byte array of (salt + sha1(salt, password)) -> base64Encode
verification user input password with stored digest:
base64Decode -> extract salt -> do sha1(salt, password) -> generate digest: salt + sha1 ->
compare the generated digest with the stored digest.
UI dashboard authenticator based on configuration file.
It has three categories of users: admins, users, and guests. admins have unlimited permission, like shutdown a cluster, add/remove machines. users have limited permission to submit an application and etc.. guests can not submit/kill applications, but can view the application status.
see conf/gear.conf section gearpump.ui-security.config-file-based-authenticator to find information about how to configure this authenticator.
[Security consideration] It will keep one-way sha1 digest of password instead of password itself. The original password is NOT kept in any way, so generally it is safe.
digesting flow (from original password to digest): random salt byte array of length 8 -> byte array of (salt + sha1(salt, password)) -> base64Encode
verification user input password with stored digest: base64Decode -> extract salt -> do sha1(salt, password) -> generate digest: salt + sha1 -> compare the generated digest with the stored digest.