Closed sdrogers closed 1 year ago
sdrogers
commented
1 year ago E.g. if I have
auth enable
in my conf file, it seems that
plaintext enable has no effect.
However, if I comment out the if (!authReq) here, so lines 192 and 193 happen regardless of authReq, I am able to switch plaintext enable and plaintext disable with the expected effect:
s-u
commented
1 year ago s-u
commented
1 year ago The default is to always use crypt if supported and only fall back to plain if not supported. However, crypt-based authentication cannot work with hashed passwords by design, so an optional argument was added to force plain text authentication if both are available.
Quick query about the RConnection class. I've been trying to get plaintext auth enabled when connecting to Rserve from Java. However, it looks like it's impossible to do this -- is this by design? When I set plaintext enabled in the Rconf, the Java still sends the password in an encrypted form. Digging into the code, I can see that Rserve is sending
ARptin the IDs but the Java code only setsauthType=AT_plainif!authReq. So, if the Rserve is setup with auth required then it seems impossible to allow passwords to be sent in plain text. As far as I can tell, this also means that it is not possible to use passwords stored as $sha1 or $md5 when calling from java, as this requires a password to be sent in plaintext (if it is sent encrypted, then it will never match) Am I reading the code correctly here? Am I missing something? Thanks!