Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

etcdserver: don't let InternalAuthenticateRequest have password #11818

Merged
merged 1 commit into from
May 6, 2020

Conversation

mitake
Copy link
Contributor

@mitake mitake commented Apr 26, 2020

@xiang90 This is a PR for not recording password in a WAL entry as a plain text. Because of the stateful nature of simple token, making the entire authentication process as a serializable process is difficult. So I think this would be the simplest way. How do you think?

@xiang90
Copy link
Contributor

xiang90 commented May 6, 2020

lgtm

@xiang90 xiang90 merged commit feb5629 into etcd-io:master May 6, 2020
@mitake mitake deleted the no-password-in-raft branch May 7, 2020 02:26
@spzala
Copy link
Member

spzala commented May 14, 2020

@mitake can we close/update this issue #10132 as part of this PR? Thanks!

@mitake
Copy link
Contributor Author

mitake commented May 24, 2020

I confirmed a log entry with authenticate RPC doesn't have the password field anymore like below:

   5           192      norm    header:<ID:3632560225432501266 > authenticate:<name:"u1" simple_token:"jWsjyPlpdMloJqkx" >

gyuho added a commit that referenced this pull request Jun 22, 2020
…-upstream-release-3.4

Automated cherry pick of #11818
gyuho added a commit that referenced this pull request Jun 25, 2020
…-upstream-release-3.3

Automated cherry pick of #11818
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants