tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Usage of SecretKeyCredentialHandler and bin/digest.sh
Date Tue, 11 Oct 2016 15:24:02 GMT
On 09/10/2016 22:24, Steinar Cook wrote:
> Tomcat version:  9.0.0.M10
> JDK: 1.8.0_45-b14
> 
> Operating system: Mac OS X "El Capitan" version 10.11.6
> 
> I have configured a SecretKeyCredentialHandler inside my Realm:
> 
> <CredentialHandler
> className="org.apache.catalina.realm.SecretKeyCredentialHandler" />
> 
> I am using a DataSourceRealm, which works for plaintext passwords and plain
> MD5 hashed passwords.
> 
> When switching to SecretKeyCredentialHandler I can no longer log in.
> 
> The password was created using digest.sh like so:
> 
> bin/digest.sh -a PBKDF2WithHmacSHA1 -h \
> org.apache.catalina.realm.SecretKeyCredentialHandler ringo1
> 
> Which gave:
> ringo1:33ad888cfe318597595149e0e23cc3fc795c0860261880cf1b1c39131f564e9e$20000$a4615c11201f2bcab83f5d576eb782b24be40e4d
> 
> 
> I stored the "33ad88....4d" in the password column in the database.
> 
> Attempting to access the resource fails (401).
> 
> I am using BASIC authentication.
> 
> How do I generate a password which will be recognized by
> SecretKeyCredentialHandler?

You have followed the correct process above. I've just checked that
password locally with a UserDatabaseRealm and it works.

In your shoes I'd be firing up Eclipse and remote debugging my way
through the authentication process to see what is going wrong.

One possibility is that the database has truncated the password value.
It shouldn't have done that silently but I'd recommend checking just to
be sure.

Mark
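
Added example, not part of the message above and not Tomcat's own code: an offline check for the truncation possibility raised in the reply. It assumes the stored form is hex salt, iteration count and hex hash separated by `$`, as in the digest.sh output quoted in the post, and a 20-byte (160-bit) key; the function names and the 64-character column width are hypothetical.

```python
import hashlib
import hmac

# Value digest.sh printed in the post above (the part after "ringo1:").
POSTED = ("33ad888cfe318597595149e0e23cc3fc795c0860261880cf1b1c39131f564e9e"
          "$20000$a4615c11201f2bcab83f5d576eb782b24be40e4d")
KEY_BYTES = 20  # assumption: 160-bit key, matching the 40 hex chars above


def parse_stored(stored):
    """Split salt$iterations$hash; raise ValueError if any field is damaged."""
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("expected 3 '$'-separated fields, got %d" % len(parts))
    salt_hex, iter_text, hash_hex = parts
    if not iter_text.isdigit() or int(iter_text) < 1:
        raise ValueError("iteration count is not a positive integer")
    salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)  # ValueError on bad hex
    if len(digest) != KEY_BYTES:
        raise ValueError("hash is %d bytes, expected %d" % (len(digest), KEY_BYTES))
    return salt, int(iter_text), digest


def diagnose(from_db, expected=POSTED):
    """Compare the value read back from the password column with the generated one."""
    if from_db == expected:
        return "intact"
    if expected.startswith(from_db):
        return "truncated to %d of %d chars" % (len(from_db), len(expected))
    if from_db.strip() == expected:
        return "padded with whitespace"
    return "different value"


def verify(password, stored):
    """Recompute PBKDF2-HMAC-SHA1 from the stored salt and count, compare in constant time."""
    salt, iterations, digest = parse_stored(stored)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                    iterations, dklen=len(digest))
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed scenario: a hypothetical VARCHAR(64) column keeps only the salt.
    print(diagnose(POSTED[:64]))
    print(diagnose(POSTED))
```

Pass `diagnose` the value selected back from the password column; the generated value is 111 characters long, so any narrower column cannot hold it.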

