tomcat-users mailing list archives

From DIGLLOYD INC <digllo...@diglloyd.com>
Subject how to populate database with SHA hash for DIGEST
Date Mon, 18 Aug 2008 04:11:03 GMT
How to produce the hashed password when using auth-method DIGEST?

Everything works with cleartext passwords using the following login-config in web.xml:

     <login-config>
         <auth-method>DIGEST</auth-method>
         <realm-name>DIGLLOYD.COM</realm-name>
     </login-config>

and in context.xml:

     <Realm className="org.apache.catalina.realm.JDBCRealm"
         connectionName="test"
         connectionPassword="test123"
         connectionURL="jdbc:mysql://localhost/test"
         driverName="com.mysql.jdbc.Driver"
         userTable="UserAuth" userNameCol="username"
         userCredCol="password"
         userRoleTable="UserRole" roleNameCol="role" />

Now I want to add attribute digest="SHA" to the <Realm> above.  What  
value to insert for the password in the database? Following the Tomcat  
6 docs, I tried inserting the value produced by the following:

String credentials = username + ":" + "DIGLLOYD.COM" + ":" + password;
org.apache.catalina.realm.RealmBase.Digest( credentials, "SHA", null);

(http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html)

I've verified that the DB contains the hash values produced by Digest().

It isn't working; all attempts to login fail.

Help is greatly appreciated.

Lloyd Chambers
http://diglloyd.com

[Mac OS X 10.5.2 Intel, Tomcat 6.0.16]




On Apr 22, 2008, at 9:37 AM, Mark Thomas wrote:

> DIGLLOYD INC wrote:
>> Is the realm the <realm-name> specified in the <login-config> in  
>> web.xml? (eg "Tomcat Manager Application")
> Yes.
>
>> (link above) suggest "localhost:80" might be the realm, but that  
>> makes no sense to me, as this would tie it to a specific port.
> That is the default you get if you don't specify one.
>
>> The book I have -- "Tomcat, The Definitive Guide, 2nd Edition" is
>> in conflict with the above documentation, making no mention of
>> digesting with the username and realm.  The book suggests doing:
>> bin/digest.sh -a MD5 user-password
> As do the docs. This is for digested passwords with BASIC or FORM
> auth.
>
>> But the tomcat 6 docs referenced above suggest doing:
>> bin/digest.sh -a MD5 username:realm-name:password
> This is for digested passwords with DIGEST auth.
>
>> --obviously very different approaches!
> Because they have different uses.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
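
Added example, not part of the original message or of Tomcat's code: RFC 2617 defines the DIGEST credential as HA1 = MD5(username:realm:password), and this sketch shows a stored MD5 HA1 verifying a client response while a SHA-1 value over the same string does not. The account, nonce and URI are constructed; it assumes the server uses the stored column value directly as HA1 when the realm has a digest attribute.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCredentialDemo {

    // Lowercase hex of hash(algorithm, text), the encoding RFC 2617 uses.
    static String hexHash(String algorithm, String text) throws NoSuchAlgorithmException {
        byte[] out = MessageDigest.getInstance(algorithm)
                .digest(text.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : out) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Value to store in the credential column: HA1 = MD5(username:realm:password).
    static String ha1(String user, String realm, String password) throws NoSuchAlgorithmException {
        return hexHash("MD5", user + ":" + realm + ":" + password);
    }

    // RFC 2617 request-digest for qop=auth, computed from an HA1 value.
    static String response(String ha1, String nonce, String nc, String cnonce,
                           String method, String uri) throws NoSuchAlgorithmException {
        String ha2 = hexHash("MD5", method + ":" + uri);
        return hexHash("MD5", ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample account and request values; only the realm is from the page.
        String user = "alice", realm = "DIGLLOYD.COM", password = "s3cret-example";
        String nonce = "constructed-nonce-0001", nc = "00000001", cnonce = "0a4f113b";

        // Client side: MD5 (the RFC 2617 algorithm), derived from the typed cleartext.
        String fromClient = response(ha1(user, realm, password), nonce, nc, cnonce, "GET", "/protected/");

        // Server side: recompute the response from whatever the credential column holds.
        String storedMd5 = ha1(user, realm, password);
        String storedSha = hexHash("SHA-1", user + ":" + realm + ":" + password);
        boolean md5Ok = response(storedMd5, nonce, nc, cnonce, "GET", "/protected/").equals(fromClient);
        boolean shaOk = response(storedSha, nonce, nc, cnonce, "GET", "/protected/").equals(fromClient);

        System.out.println("store this HA1:      " + storedMd5);
        System.out.println("MD5 column verifies: " + md5Ok);
        System.out.println("SHA column verifies: " + shaOk);
    }
}
```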

