tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Fincher" <...@tbird.com>
Subject Re: JDBCRealm
Date Wed, 08 Jan 2003 03:58:15 GMT
Yeah, looks like you almost have it.  The MD5'd password should be in
pg_shadow in the userCredCol, passwd in this case.

Be advised that you should either use only HTTPS for this, or run Tomcat on
the same server as Postgres, or run them both on a secure net behind a
firewall on separate machines to prevent your Postgres database from being
compromised.

MD5 really only prevents snoops on your server from being able to easily
read the passwords in pg_shadow.

Rick

----- Original Message -----

> * Rob Abernethy IV <abernethy@dynedge.com> [0154 21:54]:
> > OK. I was able to get clear-text passwords to work, but I still can't
get
> > encrypted passwords to work.  Using MD5 encryption, Tomcat is able to
> > successfully open a connection to the database using the JDBCRealm set
up in
> > the server.xml, but it is unable to authenticate users for the admin web
app.
> >  I am using the same username and password (username = "tomcat",
password =
> > "tomcat") for both the JDBCRealm and the admin web app.
> >
> > JDBCRealm:
> > <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >        driverName="org.postgresql.Driver"
> >     connectionURL="jdbc:postgresql://bilbo.dynedge.com/template1"
> >    connectionName="abernethy" connectionPassword="gceIlu4DaR"
> >         userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
> >     userRoleTable="pg_groupview" roleNameCol="groname"
> >            digest="MD5" />
> > pg_shadow:
> > usename  | passwd
> > -------------------------
> > tomcat   | md5efcc1c51a80be13b59cdb96d758a0184
>
> You are confusing postgres usernames/passwords with the ones you want in
the tables.
> Tomcat connects to the database as user connectionName , password
connectionPassword
>
> and looks up http authentication users and passwords in userTable  and
userRoleTable.
>
> It looks from your post like you have that backwards (pg_shadow holds
postgres users, not users
> for your apps).
>
> > postgresql log (for admin web app authentication):
> > Jan  7 16:43:34 bilbo postgres[4329]: [9] LOG:  query: SELECT passwd
FROM
> > pg_shadow WHERE usename = 'tomcat'
> > Jan  7 16:43:34 bilbo postgres[4329]: [10] LOG:  duration: 0.001636 sec
> >
> > catalina_log.2003-01-07.txt:
> > 2003-01-07 16:43:34 JDBCRealm[Standalone]: Username tomcat NOT
successfully
> > authenticated
>
> --
> Rasputin :: Jack of All Trades - Master of Nuns


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message