tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Mon, 05 Nov 2007 05:59:26 GMT

---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
Now Tomcat is also a cool pojo application server
---------------------------------------------------------------------------
----- Original Message ----- 
From: "zhongliang zhang" <zhangzhongl@msn.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, November 05, 2007 5:28 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?


>
> Hi,
>
> It still does not work.
>
> Here is the trace:
>
> I create the SHA1 password from the command prompt:
>
> C:\tomcat>java org.apache.catalina.realm.RealmBase -a SHA1 
> zhangzhongl:JDBCRealm
> :secret
> zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9
>
> C:\tomcat>java org.apache.catalina.realm.RealmBase -a SHA 
> zhangzhongl:JDBCRealm:
> secret
> zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9
>
> So,I change the password of user "zhangzhongl" to 
> "0743d07d727aae8864569cbcefb9ae788150e8b9",and add the digest attribute to 
> JDBCRealm element which has a value of "SHA".

======================
Hi Zhang,
As Mark pointed out it can be done.
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords

But they want you to make tha HASH like this

testUser:localhost:8080:testPassword

AND even though the Realm side is giving you a choice of HASH, I have a 
feeling that TC probably uses MD5 on the Security constraint side
I dont know where
<auth-method>DIGEST</auth-method>
actually lets one choose the HASH so I think its MD5

So I THINK....
MD5(zhangzhongl:localhost:8080:thePassword)
will make the right hash... maybe ;)
ie you must make the HASH of all that stuff together, not just the password.
============================
>
> Start the cat,and enter the http://localhost:8080/,the dialog popup,and I 
> enter zhangzhongl & secret as the username & password,which made me feel 
> upset is I can not enter the welcome page.
>
> I do not know what is the reason,and I try to get some info from the 
> logs,but no logs can provide some useful information for this.
>
> If possible,could you do me a favor to send me a simple sample application 
> for test and get this problem solved?
>
> thank you so much!
>
> _________________________________________________________________
> Explore the seven wonders of the world
> http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message