Open TimJones opened 7 years ago
Can you point me to some documentation? I'm not sure what the hashing algo is that it uses.
If anyone comes here from google, an easy way to get around it for helm charts and nginx is to use plain text to store the pw:
auth: {{ (print "apikey:{PLAIN}" (index .Values.apiKey)) | b64enc | quote }}
Not cool to store the PWs like this but it's in a kubernetes secret so i guess it's ok? Suppose for proper auth you wouldn't use basic auth anyway
@technosophos The algorithms are a bit of a mess: https://httpd.apache.org/docs/2.4/misc/password_encryptions.html lots of apache specific stuff in C, not sure if anyone want's to port that over. Bcrypt seems to be pretty standard but i'm not sure what this means: https://github.com/abbot/go-http-auth/blob/cb4372376e1e00e9f6ab9ec142e029302c9e7140/basic.go#L27. Might not be relevant for generation.
Can you explain where it is stored in plain text? because the secret is base64 encoded
@Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar
(base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd
to encrypt bar
it works.
Are you sure that your approach should work for the Nginx Ingress controller?
Hey, I'm not running the app that required this anymore so I'm not sure if it still works (but I guess it should unless something in nginx changed). I think the key to making it work was to have that {PLAIN} in there.
Sander Ploegsma notifications@github.com schrieb am Di., 10. Dez. 2019, 14:47:
@Kamshak https://github.com/Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.
Are you sure that your approach should work for the Nginx Ingress controller?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Masterminds/sprig/issues/32?email_source=notifications&email_token=AACSQMAQV5IEH6AXZ5BFVULQX6MWPA5CNFSM4DGQXVPKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGPI6HY#issuecomment-564039455, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACSQMHO4MSB6BBN5CWYUR3QX6MWPANCNFSM4DGQXVPA .
Would it be possible implement third argument for sprig htpasswd
, so I can provide htpasswd related arguments?
e.g.:
{{ htpasswd .Values.username .Values.password 'nBC 10' }}
A function that can generate the
htpasswd
type hash from username & password would be great. In Kubernetes Helm charts, this would help in configuring basic auth for ingress resources.