Creates the AuthAdminServiceImpl using the given authentication and LDAP parameters.
Note: if ldapParams.uri is empty, LDAP authentication will be disabled.
See the Poco::Data::Session class for more information on connector names and connection strings.
Upon successful authentication of a user, the class will cache the permissions for the user so that further permission checks are very quick.
This implementation supports multiple versions of the format used to store password hashes:
- Version 1 is the original mechanism, using MD5 with a global salt. This is no longer considered secure and should no longer be used.
- Version 2 uses PBKDF2 with HMAC-SHA1 and a per-user random salt.
- Version 3 uses PBKDF2 with HMAC-SHA1 and a per-user random salt, with additional MD5 password hashing, which allows the implementation of secure challenge-response authentication mechanisms such as SCRAM-SHA1.
Version 3 is recommended for new deployments. Stored passwords using a lower version than the one configured will automatically be upgraded as soon as a user successfully authenticates.
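The upgrade-on-login behaviour described above, sketched in Python as an added example (not the project's own code). The record layout, iteration count, salt length, MD5 concatenation order and the Version 3 construction are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import os

GLOBAL_SALT = b"constructed-global-salt"  # constructed sample value
ITERATIONS = 10_000                        # assumed; the page states no count
CONFIGURED_VERSION = 3                     # version the deployment is configured for

def _pbkdf2(secret, salt, iterations):
    return hashlib.pbkdf2_hmac("sha1", secret, salt, iterations, dklen=20)

def compute_hash(version, password, salt, iterations):
    pw = password.encode("utf-8")
    if version == 1:  # MD5 with global salt; concatenation order is assumed
        return hashlib.md5(salt + pw).digest()
    if version == 2:  # PBKDF2-HMAC-SHA1 with per-user salt
        return _pbkdf2(pw, salt, iterations)
    if version == 3:  # assumed construction: PBKDF2 over the MD5 hex digest
        return _pbkdf2(hashlib.md5(pw).hexdigest().encode(), salt, iterations)
    raise ValueError(f"unknown hash version {version}")

def new_record(password, version=CONFIGURED_VERSION):
    # Version 1 has no per-user salt or iteration count.
    salt = GLOBAL_SALT if version == 1 else os.urandom(16)
    iterations = 0 if version == 1 else ITERATIONS
    return {"version": version, "salt": salt, "iterations": iterations,
            "hash": compute_hash(version, password, salt, iterations)}

def authenticate(store, user, password):
    rec = store.get(user)
    if rec is None:
        return False
    # Verify with the version the record was stored under.
    candidate = compute_hash(rec["version"], password,
                             rec["salt"], rec["iterations"])
    if not hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
        return False
    # The plaintext is only available now, so this is the only point
    # at which an older record can be re-hashed.
    if rec["version"] < CONFIGURED_VERSION:
        store[user] = new_record(password)
    return True
```

A failed login leaves the stored record untouched, so accounts that never log in again keep their Version 1 or Version 2 hash until the password is reset.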
Note that the getUserAttribute() method of this implementation supports the following special attributes:
- $salt: Returns the salt used for hashing the given user's password. For Version 1, this will be the configured global salt string. For Version 2, this will be a string consisting entirely of hexadecimal digits. For Version 3, this will be a string containing binary data.
- $iterations: Returns the number of PBKDF2 iterations used for hashing the given user's password.
- $hash: Returns the password hash stored for the given user. For Versions 1 and 2, this will be a string consisting entirely of hexadecimal digits. For Version 3, this will be a string containing binary data.
- $version: Returns the version of the hash used for the given user.