Hi all,We are planning an Alfresco deployment which will (at least initially) run on cloud servers. Since we won't have access to the existing directory server, we planned to use the built-in Alfresco authentication subsystem.However, this uses MD4 hashes, which are easily broken. authentication-services-context.xml says: <!– Passwords are encoded using MD4 –> <!– This is not ideal and only done to be compatible with NTLM –> <!– authentication against the default authentication mechanism. –> <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
Is there any alternative authentication subsystem for Alfresco that uses a secure hash (SHA-1 or better)?Is it possible, for example, to replace org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl with a bean providing a more secure implementation?We don't need CIFS etc, so the NTLM compatibility isn't an issue - I understand this is why Alfresco still uses MD4.Thanks for any pointers…
