Subject: Re: Generating passwords digests for 9.0.27
To: users@tomcat.apache.org
From: Christopher Schultz
Date: Tue, 5 Nov 2019 18:18:10 -0500

Pawel,

On 11/5/19 03:33, Mark Thomas wrote:
> On 05/11/2019 00:52, Pawel Veselov wrote:
>> Hello.
>>
>> I'm doing something where I need to generate a password for a
>> tomcat user that is authenticated using
>> org.apache.catalina.realm.UserDatabaseRealm with "sha" digest,
>> the user database is produced by
>> org.apache.catalina.users.MemoryUserDatabaseFactory from an xml
>> file (standard conf/tomcat-users.xml)
>>
>> Reading
>> https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#Digested_Passwords
>> I see that it says:
>>
>> If you are writing an application that needs to calculate
>> digested passwords dynamically, call the static Digest() method
>> of the org.apache.catalina.realm.RealmBase class, passing the
>> cleartext password, the digest algorithm name and the encoding as
>> arguments. This method will return the digested password.
>>
>>
>> However, there is no static method Digest in
>> org.apache.catalina.realm.RealmBase.
>>
>> What is the proper way to programmatically generate a proper
>> password hash?
>
> See org.apache.catalina.realm.RealmBase.main(String[] args)

There is also bin/digest.sh and bin/digest.bat, if you happen to have a
package which contains the scripts. Run that command and you'll get some
help text.

I would highly recommend against using "plain-old SHA-1" signatures.
Have a look at this presentation for some hopefully good justification
and ideas for making things better:

https://tomcat.apache.org/presentations.html#latest-credential-security

-chris
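
One way to generate a stored credential from Java, as an added example that is not part of the original thread and not Tomcat's own code: it calls the `CredentialHandler` classes that Tomcat 9 ships and uses salted, iterated hashing rather than a bare SHA-1 digest. The class name `TomcatDigestExample`, the `pbkdf2` argument and the iteration, salt and key-length values are assumptions chosen for illustration; it expects Tomcat 9's `lib/*.jar` and `bin/tomcat-juli.jar` on the classpath.

```java
import java.io.Console;
import org.apache.catalina.CredentialHandler;
import org.apache.catalina.realm.MessageDigestCredentialHandler;
import org.apache.catalina.realm.SecretKeyCredentialHandler;

public class TomcatDigestExample {

    // Salted, iterated SHA-256: stored as salt$iterations$digest, not a bare hash.
    static CredentialHandler saltedDigest() throws Exception {
        MessageDigestCredentialHandler h = new MessageDigestCredentialHandler();
        h.setAlgorithm("SHA-256");
        h.setIterations(100_000);   // sample work factor (assumption)
        h.setSaltLength(16);        // bytes of random salt per password
        return h;
    }

    // PBKDF2 through the JCE SecretKeyFactory.
    static CredentialHandler pbkdf2() throws Exception {
        SecretKeyCredentialHandler h = new SecretKeyCredentialHandler();
        h.setAlgorithm("PBKDF2WithHmacSHA512");
        h.setIterations(100_000);   // sample work factor (assumption)
        h.setKeyLength(256);        // derived key length in bits
        h.setSaltLength(16);
        return h;
    }

    public static void main(String[] args) throws Exception {
        // Read from the terminal so the password never lands in argv or shell history.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal");
        }
        String password = new String(console.readPassword("Password: "));

        CredentialHandler handler =
                args.length > 0 && args[0].equals("pbkdf2") ? pbkdf2() : saltedDigest();
        String stored = handler.mutate(password);

        // Round-trip check: the right password must match and a wrong one must not.
        if (!handler.matches(password, stored) || handler.matches(password + "x", stored)) {
            throw new IllegalStateException("generated credential failed verification");
        }
        // This value goes in the password attribute of the <user> entry.
        System.out.println(stored);
    }
}
```

For the realm to accept the generated value, the `<Realm>` element in server.xml needs a nested `<CredentialHandler>` element naming the same handler class and algorithm.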