How to configure auth.pgsql.password_hash for django password #176

Open
daadu opened this issue Jan 1, 2020 · 1 comment

daadu commented Jan 1, 2020

I want emqx to authenticate my Django user. Django uses PBKDF2 with sha256 + 150000 iterations + salt. Django has a make_password method to hash a plain password in a secure way.

>>> from django.contrib.auth.hashers import make_password
>>> make_password("hello world")
'pbkdf2_sha256$150000$YSu4ev2bmi9t$YieK5QrYzdlktW9E1EymOjY3T0RUbF8EaPoR57otsq4='

It is in the following format:

<algorithm>$<iterations>$<salt>$<hash>

Check this for more info: https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#how-django-stores-passwords.

I can break the string into subsequent components and store them in separate columns.

How should I configure auth.pgsql.password_hash in this case?

I am thinking of something like the following:

auth.pgsql.password_hash = salt,pbkdf2,sha256,150000,32
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1

Will it work? Is the configuration correct? How will emqx know what the salt is? Or is using a salt with pbkdf2 not supported as of now? Or should I store the salt with the password hash in one column only, with some separator (or without a separator)? Also, should the hash and salt both be base64 encoded?

daadu commented Jan 1, 2020

I dug a bit into the Django code.

It uses pbkdf2_hmac (that is PBKDF2 with HMAC, for which salt is required.)

Looks like the plugin only supports pbkdf2.

Am I right?
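Added example, not part of the original issue and not code from EMQX or Django: a standard-library sketch that splits the Django string quoted above into its fields and re-derives the hash, showing that Django feeds the salt to PBKDF2 as plain text while the stored hash is the base64 of the 32-byte derived key. The function names and the column layout in `to_columns` are assumptions for illustration; which encoding the plugin compares against is not stated on this page.

```python
import base64
import hashlib
import hmac

# Value copied from the issue: make_password("hello world")
SAMPLE = "pbkdf2_sha256$150000$YSu4ev2bmi9t$YieK5QrYzdlktW9E1EymOjY3T0RUbF8EaPoR57otsq4="


def split_django_hash(encoded):
    """Split '<algorithm>$<iterations>$<salt>$<hash>' into typed fields."""
    algorithm, iterations, salt, b64_hash = encoded.split("$", 3)
    if not algorithm.startswith("pbkdf2_"):
        raise ValueError("not a PBKDF2 entry: " + algorithm)
    return {
        "digest": algorithm[len("pbkdf2_"):],             # e.g. 'sha256'
        "iterations": int(iterations),
        "salt": salt.encode("utf-8"),                     # plain text, not base64
        "dk": base64.b64decode(b64_hash, validate=True),  # base64 of the raw key
    }


def encode_django_style(password, salt, iterations, digest="sha256"):
    """Build a string in the same layout (used here to make test data)."""
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return "pbkdf2_%s$%d$%s$%s" % (
        digest, iterations, salt, base64.b64encode(dk).decode("ascii"))


def verify(password, encoded):
    """Re-derive the key from the stored parameters, compare in constant time."""
    f = split_django_hash(encoded)
    candidate = hashlib.pbkdf2_hmac(f["digest"], password.encode("utf-8"),
                                    f["salt"], f["iterations"], dklen=len(f["dk"]))
    return hmac.compare_digest(candidate, f["dk"])


def to_columns(encoded):
    """Hypothetical per-column layout; the hash is given in both encodings."""
    f = split_django_hash(encoded)
    return {"salt": f["salt"].decode("utf-8"), "iterations": f["iterations"],
            "hash_b64": base64.b64encode(f["dk"]).decode("ascii"),
            "hash_hex": f["dk"].hex()}


if __name__ == "__main__":
    print(to_columns(SAMPLE))
    print("matches 'hello world':", verify("hello world", SAMPLE))
```
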
