Is your feature request related to a problem? Please describe.
No, not a problem per se. This is more about making life easier for admins that use Butler Auth.
If the suggested change (#5) related to not storing passwords on disk in clear text (but rather hashing them first) is implemented, it will be harder for admins to add users to the YAML file used by the local-file authentication provider.
Somehow the admin must be able to hash the password of the new user before storing it in the YAML file.
Describe the solution you'd like
A simple web page could achieve this (there is already an HTTP server embedded in Butler Auth): The admin enters the username and password of the new user, and gets back a hashed password that can be pasted (together with the username in clear text) in the YAML file.
It's certainly possible to automatically add the new username and pwd to the YAML, but that would also pose a security risk. Some kind of strong authentication would then be needed on the add-user-page itself, otherwise anyone with access to the add-user web page could create new users. A kind of privilege escalation thus. Not good.
Better then to just do the hashing and have the admin manually copy-paste the new user's data to the YAML file.
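A sketch of the hash-then-paste helper proposed above, as an added example that is not Butler Auth's code or part of the original issue. It assumes scrypt with a per-user random salt as the hash, a self-describing `scrypt$N$r$p$salt$hash` string, and hypothetical YAML field names `username` and `hash`; the matching verify function is what the local-file provider would run at login.

```javascript
// Added example, not Butler Auth code. Node.js built-in crypto only.
const { randomBytes, scryptSync, timingSafeEqual } = require("crypto");

// Assumed scrypt cost parameters; they are stored in the hash string so
// they can be raised later without invalidating existing entries.
const PARAMS = { N: 16384, r: 8, p: 1, keylen: 32 };

// Returns "scrypt$N$r$p$<salt b64>$<derived key b64>".
function hashPassword(password, salt = randomBytes(16)) {
  const { N, r, p, keylen } = PARAMS;
  const dk = scryptSync(password.normalize("NFKC"), salt, keylen, { N, r, p });
  return ["scrypt", N, r, p, salt.toString("base64"), dk.toString("base64")].join("$");
}

// Login-side check: re-derive with the stored salt and parameters,
// then compare in constant time. Malformed entries never match.
function verifyPassword(password, stored) {
  const parts = String(stored).split("$");
  if (parts.length !== 6 || parts[0] !== "scrypt") return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every((v) => Number.isInteger(v) && v > 0)) return false;
  const salt = Buffer.from(parts[4], "base64");
  const expected = Buffer.from(parts[5], "base64");
  if (expected.length === 0) return false;
  let dk;
  try {
    // Throws on invalid or over-budget parameters (e.g. a tampered file).
    dk = scryptSync(password.normalize("NFKC"), salt, expected.length, { N, r, p });
  } catch {
    return false;
  }
  return timingSafeEqual(dk, expected);
}

// Text for the admin to paste into the users file. Field names are
// hypothetical. JSON.stringify yields a valid double-quoted YAML scalar,
// so unusual characters in the username cannot break the file's structure.
function yamlEntry(username, password) {
  return `- username: ${JSON.stringify(username)}\n` +
         `  hash: ${JSON.stringify(hashPassword(password))}\n`;
}
```

The helper only returns text and never writes the users file, so exposing it does not by itself let anyone create accounts, which is the separation the issue argues for.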