tomcat-users mailing list archives

From DIGLLOYD INC <digllo...@diglloyd.com>
Subject Re: how to populate database with SHA hash for DIGEST
Date Mon, 18 Aug 2008 04:38:27 GMT
Answer:  SHA just doesn't work.  MD5 works fine.  I presume this is  
because the browser has no idea what algorithm to use, and just always  
uses MD5.

Lloyd


On Aug 17, 2008, at 9:11 PM, DIGLLOYD INC wrote:

> How to produce the hashed password when using auth-method DIGEST ?
>
> Everything works with cleartext passwords using the following
> login-config in web.xml:
>
>    <login-config>
>        <auth-method>DIGEST</auth-method>
>        <realm-name>DIGLLOYD.COM</realm-name>
>    </login-config>
>
> and in context.xml:
>
>    <Realm className="org.apache.catalina.realm.JDBCRealm"
>        connectionName="test" connectionPassword="test123"
>        connectionURL="jdbc:mysql://localhost/test"
>        driverName="com.mysql.jdbc.Driver"
>        userTable="UserAuth" userNameCol="username" userCredCol="password"
>        userRoleTable="UserRole" roleNameCol="role"  />
>
> Now I want to add attribute digest="SHA" to the <Realm> above.  What  
> value to insert for the password in the database? Following the  
> Tomcat 6 docs, I tried inserting the value produced by the following:
>
> String credentials = username + ":" + "DIGLLOYD.COM" + ":" + password;
> org.apache.catalina.realm.RealmBase.Digest( credentials, "SHA", null);
>
> (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html)
>
> I've verified that the DB contains the hash values produced by  
> Digest().
>
> It isn't working; all attempts to login fail.
>
> Help is greatly appreciated.
>
> Lloyd Chambers
> http://diglloyd.com
>
> [Mac OS X 10.5.2 Intel, Tomcat 6.0.16]
>
>
>
>
> On Apr 22, 2008, at 9:37 AM, Mark Thomas wrote:
>
>> DIGLLOYD INC wrote:
>>> Is the realm the <realm-name> specified in the <login-config> in
>>> web.xml? (eg "Tomcat Manager Application")
>> Yes.
>>
>>> (link above) suggest "localhost:80" might be the realm, but that  
>>> makes no sense to me, as this would tie it to a specific port.
>> That is the default you get if you don't specify one.
>>
>>> The book I have -- "Tomcat, The Definitive Guide, 2nd Edition" is
>>> in conflict with the above documentation, making no mention of
>>> digesting with the username and realm.  The book suggests doing:
>>> bin/digest.sh -a MD5 user-password
>> As do the docs. This is for digested passwords with BASIC or FORM
>> auth.
>>
>>> But the tomcat 6 docs referenced above suggest doing:
>>> bin/digest.sh -a MD5 username:realm-name:password
>> This is for digested passwords with DIGEST auth.
>>
>>> --obviously very different approaches!
>> Because they have different uses.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
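
The behaviour reported in this thread follows from how RFC 2617 builds the client's response: it is computed over the hash of `username:realm:password`, with MD5 as the default algorithm, so a server that stores only a SHA-1 hash of that string cannot recompute the value the browser sends. The Java program below is an added example, not code from the posts or from Tomcat; the class name is hypothetical, the sample values are the ones used in RFC 2617 section 3.5, and the server-side check is a simplified model of using the stored hash as HA1.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (hypothetical class name); sample values are those of RFC 2617, section 3.5.
public class DigestCredentialDemo {

    // Lowercase hex digest of the input, e.g. hash("MD5", "user:realm:pass").
    static String hash(String algorithm, String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(input.getBytes(StandardCharsets.ISO_8859_1))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // RFC 2617 request-digest for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2).
    static String response(String ha1, String method, String uri,
                           String nonce, String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha2 = hash("MD5", method + ":" + uri);
        return hash("MD5", ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String a1 = "Mufasa" + ":" + "testrealm@host.com" + ":" + "Circle Of Life";
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String nc = "00000001", cnonce = "0a4f113b", uri = "/dir/index.html";

        // What the browser sends: it knows the cleartext password and hashes with MD5.
        String fromClient = response(hash("MD5", a1), "GET", uri, nonce, nc, cnonce);

        // Server side, case 1: credential column holds MD5(username:realm:password).
        String storedMd5 = hash("MD5", a1);
        // Server side, case 2: credential column holds SHA-1 of the same string.
        String storedSha = hash("SHA-1", a1);

        System.out.println("client response : " + fromClient);
        System.out.println("stored MD5 ok   : "
                + fromClient.equals(response(storedMd5, "GET", uri, nonce, nc, cnonce)));
        System.out.println("stored SHA-1 ok : "
                + fromClient.equals(response(storedSha, "GET", uri, nonce, nc, cnonce)));
    }
}
```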

