tomcat-users mailing list archives

From John Holman <>
Subject Re: Using JNDIRealm with password digesting and openldap
Date Mon, 04 Feb 2002 23:15:47 GMT

This isn't possible with the current JNDIRealm in Tomcat 4, though you could probably specify the appropriate digest algorithm and hack the Tomcat code to disregard the {crypt} prefix returned from OpenLDAP.

A much cleaner solution is to have the JNDIRealm authenticate by binding to the directory as the user, in which case it doesn't matter how the password is stored in the directory. I submitted a patch for JNDIRealm to the tomcat-dev list last week which supports this, and you could consider giving that a try. This assumes that you are using HTTP basic authentication or form-based login, not HTTP digest


At 15:59 04/02/02, you wrote:
>I'm trying to use tomcat's JNDIRealm with OpenLDAP. I've converted my
>passwords to digest format in the LDAP directory instead of plain text.
>Apparently, tomcat only accepts hex formatted passwords where openLDAP
>provides passwords of the format
>{crypt}XXXXX where crypt = { SHA, MD, ... } and XXX is a base64 encoded
>Is there a way to configure tomcat to accept this format of passwords? If
>so does this require any recompilation of
>Thanks for your help,
>--  Dirk
>To unsubscribe:   <>
>For additional commands: <>
>Troubles with the list: <>
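
The format mismatch discussed in this thread, shown as an added example (not code from either message or from Tomcat): it parses an OpenLDAP-style `{SCHEME}base64` value, converts an unsalted digest to the hex form the thread says Tomcat expects, and verifies a presented password. It goes beyond the thread by also handling the salted `{SSHA}`/`{SMD5}` forms; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# OpenLDAP scheme name -> (hashlib algorithm, digest length in bytes)
SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "MD5": ("md5", 16), "SMD5": ("md5", 16)}


def parse_userpassword(value):
    """Split '{SCHEME}base64' into (algorithm, digest bytes, salt bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {scheme} prefix")
    scheme, encoded = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        # e.g. {CRYPT}: crypt(3) output, not a plain base64 digest
        raise ValueError("unsupported scheme: " + scheme)
    algorithm, size = SCHEMES[scheme]
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) < size or (scheme in ("SHA", "MD5") and len(raw) != size):
        raise ValueError("digest length does not match scheme")
    # Salted schemes store digest followed by salt
    return algorithm, raw[:size], raw[size:]


def to_hex_digest(value):
    """Hex form of an unsalted entry (the format a hex-only comparison needs)."""
    algorithm, digest, salt = parse_userpassword(value)
    if salt:
        raise ValueError("salted entry cannot be expressed as a plain hex digest")
    return digest.hex()


def verify(value, password):
    """Check a presented password against a stored value, salted or not."""
    algorithm, digest, salt = parse_userpassword(value)
    candidate = hashlib.new(algorithm, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Constructed sample values (not taken from the thread)
SAMPLE_SHA = "{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode()
SAMPLE_SSHA = "{SSHA}" + base64.b64encode(
    hashlib.sha1(b"secret" + b"salt").digest() + b"salt").decode()

if __name__ == "__main__":
    print(SAMPLE_SHA, "->", to_hex_digest(SAMPLE_SHA))
    print("SSHA verifies:", verify(SAMPLE_SSHA, "secret"))
```

A salted entry has no fixed hex equivalent to compare against, which is one reason authenticating by binding as the user is independent of the storage format.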
