tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51966] Tomcat does not support ssha hashed passwords in all contexts
Date Tue, 11 Oct 2011 20:30:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966

--- Comment #5 from Christopher Schultz <chris@christopherschultz.net> 2011-10-11 20:30:51
UTC ---
(In reply to comment #3)
> Thank you for the great feedback. The salt isn't part of the users password. If
> you look at the digest method that's used to generate the encoded password, it
> is 4 random bytes.

Given the small scope of the patch, it wasn't clear that Principal.getPassword
was returning the hashed password from the credential store. Apologies for not
reading carefully.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message