Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 57984 invoked from network); 8 Sep 2006 18:00:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 Sep 2006 18:00:15 -0000 Received: (qmail 42512 invoked by uid 500); 8 Sep 2006 18:00:01 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 42438 invoked by uid 500); 8 Sep 2006 18:00:01 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 42215 invoked by uid 99); 8 Sep 2006 18:00:00 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Sep 2006 11:00:00 -0700 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [129.95.96.10] (HELO vega.bme.ogi.edu) (129.95.96.10) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Sep 2006 10:59:58 -0700 Received: from [129.95.96.175] (kopernik.bme.ogi.edu [129.95.96.175]) by vega.bme.ogi.edu (8.13.6/8.13.6) with ESMTP id k88Hxb8h009093 for ; Fri, 8 Sep 2006 10:59:37 -0700 Message-ID: <4501AF84.40706@bme.ogi.edu> Date: Fri, 08 Sep 2006 10:59:32 -0700 From: Jon Yeargers User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: users@tomcat.apache.org Subject: SHA encrypting passwords for realm Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-6; AVE: 7.1.1.16; VDF: 6.35.1.205; host: vega.bme.ogi.edu) X-Virus-Scanned: ClamAV 0.88.2/1826/Fri Sep 8 04:38:39 2006 on vega.bme.ogi.edu X-Virus-Status: Clean X-Scanned-By: milter-spamc/0.25.321 (vega.bme.ogi.edu [129.95.96.10]); Fri, 08 Sep 2006 10:59:38 -0700 X-Spam-Level: X-Spam-Report: Spam detection software, running on the system "vega.bme.ogi.edu", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster@bme.ogi.edu for details. ____ Content preview: Im running my app using a 'DataSourceRealm' (MySQL) wherein I have encrypted the stored passwords using SHA. I added the 'digest="SHA"' to the realm definition. The logins were working when I didn't encrypt the passwords. Now that they are encrypted I can't login anymore. [...] ____ Content analysis details: (-5.9 points, 2.0 required) ____ pts rule name description ---- ---------------------- -------------------------------------------------- -3.3 ALL_TRUSTED Did not pass through any untrusted hosts -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 AWL AWL: From: address is in the auto white-list ____ X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Flag: NO X-Old-Spam-Status: NO, hits=-5.90 required=2.00 X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Im running my app using a 'DataSourceRealm' (MySQL) wherein I have encrypted the stored passwords using SHA. I added the 'digest="SHA"' to the realm definition. The logins were working when I didn't encrypt the passwords. Now that they are encrypted I can't login anymore. Does the MySQL 'SHA(pw)' command create passwords that are usable by Tomcat ? I have them stored in a 'blob' column. They were created as follows: update users set user_pass=SHA("pw") where user_name='test0'; --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org