Opened 7 years ago

Last modified 4 years ago

#1942 new enhancement

Allow slaves to be authenticated with other cred modules

Reported by: dabrahams Owned by:
Priority: major Milestone: 0.9.+
Version: 0.8.3p1 Keywords: sprint
Cc: redheadphones, rutsky.vladimir@…

Description

It would make open-sourcing a buildbot configuration much easier if (especially buildslave) passwords were cryptographically hashed so that the hashes can be revealed in .cfg files.

Change History (8)

comment:1 follow-up: Changed 7 years ago by tom.prince

I think the canonical solution to this is to load the passwords from a file.

To have the hashes be secure, you would also have to make sure that the hashed passwords were properly salted.

A more sensible option might be to expose twisted.cred, which has support for unix password files, among other things.

comment:2 in reply to: ↑ 1 Changed 7 years ago by dabrahams

Replying to tom.prince:

I think the canonical solution to this is to load the passwords from a file.

Yes it is. And a variety of factors make this much more painful than it should be. You can see some evidence for this in my bbot framework.

To have the hashes be secure, you would also have to make sure that the hashed passwords were properly salted.

I confess that I'm not a security expert... but that wouldn't be so bad, would it?

A more sensible option might be to expose twisted.cred, which has support for unix password files, among other things.

I assumed that twisted probably had some facilities for this kind of thing, but I'm also not a twisted expert ;-)

comment:3 Changed 7 years ago by dustin

  • Cc redheadphones added
  • Keywords redheaphones added; auth removed

comment:4 Changed 7 years ago by dustin

  • Milestone changed from undecided to 0.8.+

comment:5 Changed 7 years ago by dustin

  • Keywords redheaphones removed

comment:6 Changed 5 years ago by dustin

  • Keywords sprint added
  • Summary changed from Store passwords in hashed form to Allow slaves to be authenticated with other cred modules

comment:7 Changed 5 years ago by rutsky

  • Cc rutsky.vladimir@… added

comment:8 Changed 4 years ago by dustin

  • Milestone changed from 0.8.+ to 0.9.+

Ticket retargeted after milestone closed

Note: See TracTickets for help on using tickets.