Grouper Developers Forum

[Chris Hyzer <>]

I externalized the encrypted passwords functionality:

 

https://bugs.internet2.edu/jira/browse/GRP-122

 

- dont have copied jdbc source adapters anymore (though I do subclass it, so I think grouper people should still change to the grouper specific one, in case we add in hooks or something without duplicating the logic)

- updated the subject api with the better logging in jdbc source adapter, java compiled with line numbers, and source in jar, and of course, morphString enabled

- there is no documented way to unencrypt a morphed string, and I would appreciate it if we didnt discuss how to do this over email lists or recorded phone calls...  but know that it is not impossible to do if the encrypt key is known.

- externalized the password encryption to a project: grouper-misc/morphString, and jar morphString.jar

- there is a new config file on the classpath root called: morphString.properties.  This has the two settings that were in grouper.properties, the encrypt key (or file location of encrypt key), and if we should look in files at all.

- you can encrypt a string with the morphString.jar (needs no other dependencies except java5):

 

  C:\mchyzer\isc\dev\grouper\morphString>java -jar dist\morphString.jar

  Enter the location of morphString.properties: conf\morphString.properties

  Enter the string to encrypt:

  The encrypted string is: c5f1d2082f272eff77ee6e734f5aef7d

 

- if the password masking doesnt work, run without password masking:

 

  C:\mchyzer\isc\dev\grouper\morphString>java -jar dist\morphString.jar dontMask

  Enter the location of morphString.properties: conf\morphString.properties

  Enter the string to encrypt: abc

  The encrypted string is: c5f1d2082f272eff77ee6e734f5aef7d

 

- if you dont want to type in the config file location, you can put the config file on classpath:

 

  C:\mchyzer\isc\dev\grouper\morphString>java  -cp conf;dist\morphString.jar edu.internet2.middleware.morphString.Encrypt

  Enter the string to encrypt:

  The encrypted string is: c5f1d2082f272eff77ee6e734f5aef7d

 

- you cannot encrypt a string via batch/shell script in grouper anymore.  Just use the morphString way

- morphString is ready to be put in other projects (e.g. signet), just let me know if anyone needs help

- there is no grouper shell way to encrypt a string since the password itself ends up in the gsh history.  I have the code to make an encrypt command if anyone knows how to make input not go into the history.  Not a huge deal though, it is pretty easy with the jar I believe...

- took out commons-lib.jar from source api and commons project.  Now it makes a zip file of all jars...  instead of a jar of all classes in the jars…

 

 

From: Emily Eisbruch [mailto:]
Sent: Friday, September 05, 2008 9:16 AM
To: Grouper Dev
Subject: [grouper-dev] Draft minutes: Grouper Call 3-Sep-08

 

**Grouper Call 3-Sep-08**

 *Attending*

Tom Barton, Chair

Gary Brown, Bristol U.

Shilen Patel, Duke

Chris Hyzer, U. Penn

Bill Kasenchar, U. Penn

Tom Zeller, U. Memphis

Dave Donnelly, Stanford

Joy Veronneau, Cornell U.

RL "Bob" Morgan, U. Washington

Steve Olshansky, Internet2

Emily Eisbruch, Internet2 (scribe)

 

New Action Items

[AI] {Chris} will make the encrypted password function external to Grouper.

[AI] {TomZ} will create a JIRA issue summarizing today's discussion on handling of utilities by gsh.

 Carry Over Action Items

[AI] {Chris} will create a proposal for using a shell script to make binaries.

[AI] {Chris} will develop guidelines for standardizing build script procedures across the I2 middleware products.

[AI] {Kathryn} will do background research on a messaging system to be used as a test/example case for hooks.

Discussion

Grouper Release 1.3.1.

Grouper Release 1.3.1 is ready for final testing and packaging, with all JIRA items having been marked completed. Chris will test web services; Chris, TomZ, and Shilen will do unit testing. Chris will tag the code for the 1.3.1 release in CVS and inform TomB.  

Binary Format for Grouper 1.4

Binary format will be considered for Grouper 1.4, not for this 1.3.1 release.

https://mail.internet2.edu/wws/arc/grouper-dev/2008-08/msg00058.html

Documentation for 1.3.1

Shilen welcomes feedback on his Bad Membership Finder utility documentation at:  https://wiki.internet2.edu/confluence/display/GrouperWG/Bad+Membership+Finder+Utility

Gary will edit the documentation on the Grouper wiki for API configuration changes in Grouper 1.3.1.

Encrypting passwords in config files

(https://bugs.internet2.edu/jira/browse/GRP-122)

Encrypting passwords in config files was deferred, to be reconsidered along with the release of Subject 1.0. This deferral decision was based on concern about creating a need for Grouper customized versions of 3^rd party source, such as JDBC source files.  However, it makes sense now to proceed with putting encrypted passwords in a separate JAR.

[AI] {Chris} will make the encrypted password function external to Grouper.

Indexes

What are the potential impacts of cleaning up and removing some indexes, as suggested in GRP-146?

https://bugs.internet2.edu/jira/browse/GRP-146

https://mail.internet2.edu/wws/arc/grouper-dev/2008-09/msg00013.html

There is a risk that indexes that we consider redundant are not actually redundant in all cases. Making some indexes optional through a configuration file was discussed. There is a need to understand how various databases use indexes. The decision was not to make changes to indexes for 1.4.  Soon after 1.4, it might make sense to develop test/benchmark databases to be able to make a future determination on this issue.

Packaging of Utilities

The consensus was to use gsh for storing utilities.

Utilities for 1.4 will include those needed to replace Apache Ant (Scheme export, run test, export import, XML, etc.), Bad Membership Finder, and more.

TomB noted it will be important to maintain a wiki page or interactive, built-in help so people know what utilities are in gsh.

[AI] {TomZ} will create a JIRA issue summarizing today's discussion on handling of utilities by gsh.

Next call: Wed 17-Sep-08 Noon EDT.