tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Generating passwords digests for 9.0.27
Date Tue, 05 Nov 2019 23:18:10 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Pawel,

On 11/5/19 03:33, Mark Thomas wrote:
> On 05/11/2019 00:52, Pawel Veselov wrote:
>> Hello.
>> 
>> I'm doing something where I need to generate a password for a
>> tomcat user that is authenticated using
>> org.apache.catalina.realm.UserDatabaseRealm with "sha" digest,
>> the user database is produced by
>> org.apache.catalina.users.MemoryUserDatabaseFactory from an xml 
>> file (standard conf/tomcat-users.xml)
>> 
>> Reading 
>> https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#Digested_Pa
sswords
>> I see that it says:
>> 
>> <quote> If you are writing an application that needs to calculate
>> digested passwords dynamically, call the static Digest() method
>> of the org.apache.catalina.realm.RealmBase class, passing the
>> cleartext password, the digest algorithm name and the encoding as
>> arguments. This method will return the digested password. 
>> </quote>
>> 
>> However, there is no static method Digest in
>> org.apache.catalina.realm.RealmBase.
>> 
>> What is the proper way to programmatically generate a proper
>> password hash?
> 
> See org.apache.catalina.realm.RealmBase.main(String[] args)

There is also bin/digest.sh and bin/digest.bat, if you happen to have
a package which contains the scripts.

Run that command and you'll get some help text.

I would highly recommend against using "plain-old SHA-1" signatures.

Have a look at this presentation for some hopefully good justification
and ideas for making things better:

https://tomcat.apache.org/presentations.html#latest-credential-security

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3CAzEACgkQHPApP6U8
pFg++A/+Mpev6LEDPCYDVNzTQYZc9+baSDwH7d4yO3vUweh890VVzkmXqSn4mCnY
ti9xMcc1pcXYC18q0Vr65X54H5r/o1PtfIiezhNRJdnVzpOr7uUMINuWV7Tt5heN
UIgdc48CmvA4KC2wP7YsnkGi61KU50p2h0N/vCxIrWMFRhE5R/QcH50ruRZPb9g1
FdsiTPgPS7DhIlBs8rY64P/ERwTKAYIPU+Y/zFCCZQlog6XfLpilBF8O7zCOz+ls
gHkOx02YaYZs2g5tg1SUEI9fx4Lb5pNsSuq3VuWUM9uylCTYQuvaUeSo4L21T4dP
gSvQBRvrPa4ZD/H5aTSWjOI6+1D8pndphxYNPa6NIBnRyTXL0+1hm2IeStzwf+0x
Uag9Uwjc67iZKTJd6eLtpzrLoDZpMHYxfmo1KAZe5+LjY3vLFirNAQqpBrjqSjjR
bBLCrkIh8Ao1i9s5Yyuol3KAJklZFRhhqOYirO0/upySzxuTo1+8XED28bQIAtcs
3bE4ON1VBwlMrMDRccZmMsdiPBOKmjs/NmvIyrqPL3TXZ5tx7BdeszgMcuAfny6U
pZRIqRxtiT8/moTRfBH63F7Qnl5xOuCXetGGq/uFwrCNIyLjK70vfL7y5tjNm3z4
y8csIdM7rC+i83pL4z21m9pHo3OwLr79hTMdN7JlyxF6CpKvF1k=
=vTrl
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message