How to best implement passwords in clixon ecosystem ?

[navaneethyv]

Hi !

This is a question on implementing encryption / obfuscation of plain text password pushed into the clixon backend.

Consider a configuration that accepts a password.

Sample pseudo yang.

container account { leaf user-name; leaf password } set account password

Use case here is to store password entered in plain text needs to be saved in some sort of encrypted format inside the candidate/running_db so that it is not deciphered.

test 477a4ca0031bf81572871f73ba1c16b4 /* encrypted value of plain text */

The example_cli.cli shows a method by which we can hook the translate() function to translate the content into a secret format. I think this gives a way to hook the translate function into the command defined by the yang when interactive via the CLI channel.

How to do a similar thing for RESTCONF ? How to secure the password information sent via RESTCONF in a secure encrypted / obfuscated way inside the candidate/running_db when the password entered is in plain text ?

Thanks !

[olofhagsand]

I dont know how to do this properly. Maybe can pose this question on the clixon slack? https://join.slack.com/t/clixondev/shared_invite/zt-grej02z5-fNz0b7Su8RcOn5hWKt8yOw

Restconf has an authentication callback, see https://clixon-docs.readthedocs.io/en/latest/restconf.html#plugin-callbacks and two examples using http basic auth and ssl client certs in https://github.com/clicon/clixon/blob/master/example/main/example_restconf.c. However, neither of those handle passwords properly (basic auth passwords are hardcoded).

But ultimately, when using RESTCONF maybe one should use SSL client certs or Oath2/OpenID for authentication instead?

[navaneethyv]

Thanks for the response Olof !

My question not to implement passwords as a login mechanism, but as a way to store the password configuration in a clixon database itself. As suggested I will take this up in the slack channel, I will update this thread with a conclusion once we reach to it.

[paul-sirin]

Hi @olofhagsand , We were discussing this issue on Slack thread (https://app.slack.com/client/T9MQ16BPU/C9M7R700H/thread/C9M7R700H-1608645887.108700). I think it's the same feature that we also require -- storing sensitive data at rest in a clixon DB in some secure (translated) form.

[paul-sirin]

For those who is still interested in solution. We chose to expose RPC with implementation of encryption method to clients. This RPC takes plaintext from client, validates it, encrypts and returns ciphertext. Then client should pass this ciphertext as input data that will be stored in DB. CLI implicitly uses this RPC to convert plaintext into ciphertext via callback wrapper.

[olofhagsand]

Thanks. Maybe we should add a section in the https://clixon-docs.readthedocs.io/en/latest/ about best practices to do this, since it attracts a lot of discussion.