👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2023/04/04
@eyedeekay
&eche|on
&kytv
+R4SAS
+RN
+acetone
+dr|z3d
+orignal
+polistern
+postman
+weko
An0nm0n
Arch
FreefallHeavens
Gid
Irc2PGuest13560
Irc2PGuest1893
Irc2PGuest32938
Irc2PGuest4253
Irc2PGuest8259
Leopold
Minogami
Onn4l7h
Sleepy
Soni
T3s|4_
Teeed
aargh1
admin
anon4
apt0110
b3t4f4c3__
cheddah
eyedeekay_bnc
idk
itsjustme_
j6
limak
not_bob_afk
poriori_
profetikla
qend-irc2p
rapidash
tbqdrn
theglitch
u5657
user100
wodencafe
x74a6
obscuratus I've been playing with migrating i2p from Jetty 9.3.x to 9.4.x. I think I've come across at least one of the moderately-sized stumbling blocks.
obscuratus Jetty 9.4.x changed up the way user authentication is done.
obscuratus There's no trivial fix, such as substituting an updated function call.
obscuratus It kind-of compells a re-work of how we authenticate users in Jetty.
obscuratus That may be for the best anyways.
obscuratus Our current user authentication is md5-based. My understanding is this is now frowned upon.
obscuratus I haven't confirmed this yet, but I'm presuming Jetty 9.4.x doesn't support md5 password hashes.
obscuratus Why would they?
obscuratus But it really seems like this will require a break in user authentication at some point.
obscuratus Users will need to re-enter their creditials, and set this up again (I think).
dr|z3d there's an intractable bug with authentication in 9.3 which might be one reason why they redid auth in 9.4
ReturningNovice where is this authentication occurring?
dr|z3d console password.
obscuratus Any idea how many users employ this?
ReturningNovice ah
ReturningNovice I used to... but now just ssh forward
obscuratus For me, it never seemed like it offered much security benefit.
obscuratus But, at any rate, it's there.
dr|z3d if you're running the router locally, then the benefit is marginal. remotely may be different.
ReturningNovice sounds like maybe a poll on forum along with asking users??
obscuratus Good point.
obscuratus Changing this feature up is probably going to be disruptive for the users that rely on console passwords.
obscuratus I don't see a way to run two authentication systems in parallel. 9.4.x just does it differently than 9.3.x. And the md5 password hashses also make a smooth transition difficult.
dr|z3d migration would be a matter of detecting an active password and sending the user to /configui post update to set, or similar.
obscuratus Lol, just about the time we figure out how to migrate to 9.4, we might be hitting that window where they end 9.4 support anyways.
eyedeekay what dr|zed suggests does not sound too difficult
eyedeekay grep'ing for org.eclipse.jetty.security otoh, gives more pause
eyedeekay But it appears to all be happening in RCR
obscuratus Yeah, the more I think about it, the more I see it can be done. Even the md5 probably isn't that big a deal.
obscuratus dr|z3d, eyedeekay: Let me know if you come across any insightful links on migrating 9.3 to 9.4.