Merge changes from topic 'security'

* changes: Remove client usage of md5 Bcrypt as password hashing method in the backend
author: Sébastien Determe <sd378r@intl.att.com> 2018-03-23 09:02:43 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2018-03-23 09:02:43 +0000
commit: d9b46ded4ec845cd34d2ff628c9a24d5917ccf64 (patch)
tree: 94bed709b51b328b9fbb9600d58657337d10cbaf /README.md
parent: 4b3477b503f4effed467765e41026f247c565cbd (diff)
parent: 5c4aee562b7fcb42f10aa62011e0ff6297cee867 (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/README.md b/README.md
index ea061ce3c..d129e5ba9 100644
--- a/README.md
+++ b/README.md
@@ -91,4 +91,19 @@ With the default log settings, all logs will be generated into console and into
 
 ### Api
 
-You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
-\ No newline at end of file
+You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
+
+
+## Clamp Credentials
+
+Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`.
+
+Passwords should be hashed using Bcrypt :
+```
+# pip3 install bcrypt  # if you don't have the bcrypt python lib installed, should be done once.
+# python3 -c 'import bcrypt; print(bcrypt.hashpw("password".encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'
+```
+
+Default credentials are admin/password and cs0008/password.
+
+
author	Sébastien Determe <sd378r@intl.att.com>	2018-03-23 09:02:43 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2018-03-23 09:02:43 +0000
commit	d9b46ded4ec845cd34d2ff628c9a24d5917ccf64 (patch)
tree	94bed709b51b328b9fbb9600d58657337d10cbaf /README.md
parent	4b3477b503f4effed467765e41026f247c565cbd (diff)
parent	5c4aee562b7fcb42f10aa62011e0ff6297cee867 (diff)