#i2p-dev
/2023/04/04
obscuratus I've been playing with migrating i2p from Jetty 9.3.x to 9.4.x. I think I've come across at least one of the moderately-sized stumbling blocks.
obscuratus Jetty 9.4.x changed up the way user authentication is done.
obscuratus There's no trivial fix, such as substituting an updated function call.
obscuratus It kind-of compels a re-work of how we authenticate users in Jetty.
obscuratus That may be for the best anyways.
obscuratus Our current user authentication is md5-based. My understanding is this is now frowned upon.
obscuratus I haven't confirmed this yet, but I'm presuming Jetty 9.4.x doesn't support md5 password hashes.
obscuratus Why would they?
obscuratus But it really seems like this will require a break in user authentication at some point.
obscuratus Users will need to re-enter their credentials, and set this up again (I think).
dr|z3d there's an intractable bug with authentication in 9.3 which might be one reason why they redid auth in 9.4
ReturningNovice where is this authentication occurring?
dr|z3d console password.
obscuratus Any idea how many users employ this?
ReturningNovice I used to... but now just ssh forward
obscuratus For me, it never seemed like it offered much security benefit.
obscuratus But, at any rate, it's there.
dr|z3d if you're running the router locally, then the benefit is marginal. remotely may be different.
ReturningNovice sounds like maybe a poll on forum along with asking users??
obscuratus Good point.
obscuratus Changing this feature up is probably going to be disruptive for the users that rely on console passwords.
obscuratus I don't see a way to run two authentication systems in parallel. 9.4.x just does it differently than 9.3.x. And the md5 password hashes also make a smooth transition difficult.
dr|z3d migration would be a matter of detecting an active password and sending the user to /configui post update to set, or similar.
obscuratus Lol, just about the time we figure out how to migrate to 9.4, we might be hitting that window where they end 9.4 support anyways.
eyedeekay what dr|zed suggests does not sound too difficult
eyedeekay grep'ing for org.eclipse.jetty.security otoh, gives more pause
eyedeekay But it appears to all be happening in RCR
obscuratus Yeah, the more I think about it, the more I see it can be done. Even the md5 probably isn't that big a deal.
obscuratus dr|z3d, eyedeekay: Let me know if you come across any insightful links on migrating 9.3 to 9.4.