#i2p-dev
/2023/04/04
obscuratus I've been playing with migrating i2p from Jetty 9.3.x to 9.4.x. I think I've come across at least one of the moderately-sized stumbling blocks.
obscuratus Jetty 9.4.x changed up the way user authentication is done.
obscuratus There's no trivial fix, such as substituting an updated function call.
obscuratus It kind of compels a re-work of how we authenticate users in Jetty.
obscuratus That may be for the best anyways.
obscuratus Our current user authentication is md5-based. My understanding is this is now frowned upon.
obscuratus I haven't confirmed this yet, but I'm presuming Jetty 9.4.x doesn't support md5 password hashes.
obscuratus Why would they?
obscuratus But it really seems like this will require a break in user authentication at some point.
obscuratus Users will need to re-enter their credentials, and set this up again (I think).
dr|z3d there's an intractable bug with authentication in 9.3 which might be one reason why they redid auth in 9.4
ReturningNovice where is this authentication occurring?
dr|z3d console password.
obscuratus Any idea how many users employ this?
ReturningNovice I used to... but now just ssh forward
obscuratus For me, it never seemed like it offered much security benefit.
obscuratus But, at any rate, it's there.
dr|z3d if you're running the router locally, then the benefit is marginal. remotely may be different.
ReturningNovice sounds like maybe a poll on forum along with asking users??
obscuratus Good point.
obscuratus Changing this feature up is probably going to be disruptive for the users that rely on console passwords.
obscuratus I don't see a way to run two authentication systems in parallel. 9.4.x just does it differently than 9.3.x. And the md5 password hashes also make a smooth transition difficult.
dr|z3d migration would be a matter of detecting an active password and sending the user to /configui post update to set, or similar.
obscuratus Lol, just about the time we figure out how to migrate to 9.4, we might be hitting that window where they end 9.4 support anyways.
eyedeekay what dr|zed suggests does not sound too difficult
eyedeekay grep'ing for org.eclipse.jetty.security otoh, gives more pause
eyedeekay But it appears to all be happening in RCR
obscuratus Yeah, the more I think about it, the more I see it can be done. Even the md5 probably isn't that big a deal.
obscuratus dr|z3d, eyedeekay: Let me know if you come across any insightful links on migrating 9.3 to 9.4.