Add doc/shiro-encryption.ini

This shows the user how to specify encrypted passwords in a Shiro
configuration file.

Linked to https://tickets.puppetlabs.com/browse/RAZOR-1067

doc/shiro-encryption.ini

@@ -0,0 +1,27 @@
+# This configuration shows how to set up Shiro to use encrypted passwords.
+# The credentials matcher is used to authenticate connecting users,
+# where a user is specified by their username and password. SHA-256
+# is used by default, so all passwords listed here must be SHA-256 hashes.
+# To calculate the SHA-256 of a password, you can use openssl via. the
+# following CLI invocation:
+#   echo -n <password> | openssl dgst -sha256 -binary | xxd -p -c 256
+#
+# NOTE: The "-n" flag forces echo not to append a newline, as otherwise
+# it would be hashed along with <password>!
+
+# For more details, please refer to http://shiro.apache.org/configuration.html.
+[main]
+
+# We need to declare the sha256Matcher variable here so that Shiro
+# actually creates the object
+sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
+iniRealm.credentialsMatcher = $sha256Matcher 
+
+[user]
+# Some example users, specified as "<username> = <sha256-password>"
+
+# password is SHA-256 of the word "dead"
+fred = 28a3a5e81d1e89f0efc70b63bf717b921373fc7fac70bc1b7e4d466799c0c6b0
+
+# password is SHA-256 of the word "alive"
+alice = 135fc7a09da25f03e44f7a2c700efd4a9d0a989af4d4704eabfe9ada71b26590  

shiro.ini

@@ -1,3 +1,5 @@
 # This is the standard Apache Shiro authentication configuration file.
-# http://shiro.apache.org/configuration.html
+# All the details of what can be specified here are documented on
+# http://shiro.apache.org/configuration.html. You can also view the files
+# prefixed with "shiro" in the doc/ folder for some example Shiro configurations.
 [main]