Added support for user authentication using user profiles stored in the repository #809
84a4ac1 to a68ae3a
LG, comments & question inline.
salt := data[0:v1SaltLength]
h := computePasswordHashV1(password, salt)
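Review bot: the slice `data[0:v1SaltLength]` panics at run time if `data` is shorter than `v1SaltLength`, and the visible lines show no length check before it. Unless one exists above this snippet, reject the input (return a non-match) when `len(data) < v1SaltLength` rather than trusting the stored value to be well-formed. The lines that compare `h` against the stored hash are not shown here; that comparison should use a constant-time function such as `subtle.ConstantTimeCompare` rather than `bytes.Equal` or `==`.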
Is the password checked on every request? Or when a connection is established (and potentially reused for multiple requests)?
Is scrypt.Key going to blow up memory consumption for the server?
The password will be checked once per stream in a gRPC session and once per request in the REST case. Given that we're deprecating the REST server soon, this should practically not matter, since no user is currently using repository-based accounts.
Co-authored-by: Julio López <julio+gh@kasten.io>
3628000 to 7b8a6f4
@pavannd1 PTAL when you have a chance
This is an alternative to htpasswd-based authentication. Users can be added and manipulated using CLI and are stored in a repository as manifests of type user.