On Fri, 19 Oct 2001, Niklas Neumann wrote: > Hi, > > we intend to use the Tomcat server to serve JSP and servlets for our > intranet. Actually it fails because Tomcat isn't able to authenticate our > users with their linux md5crypted-password. > I think md5crypted-passwords are a type of standard on linux systems and > would really appreciate the ability of Tomcat to handle these. > > Digging around I found a mail to the Jakarta commons project where an author > offered his implementation of the md5crypt algorithm: > http://www.mail-archive.com/jakarta-commons@jakarta.apache.org/msg01390.html > I think it would fit perfectly as an extension for the Tomcat Realms.
Yes, we had it - it worked fine, but we decided to not include it in the 'main' release ( to keep things simpler ), and it would fit better as an add-on module. Plus, IMHO it's better to use a standard API for login, and we should turn the crypted realm ( and all other ) into jaas plugins (well, for JDK1.2 compatibility we should keep the existing ones, but for new ones). For your problem this is a far better solution - JAAS ( AFAIK ) should be able to interoperate with PAM, which is the 'real' Linux authentication mechanism ( and not the password files, which are just an implementation detail ! ). There are already at least 2 implementation for JAAS for tomcat, you can probably find a good one in JBoss ( I suspect Enchydra had one too, but not sure where it could be found ). As a side effect, this mechanism whould be usable with Win and most other unixes that use PAM. Again, I never tried using JAAS to access PAM, but the design is very similar, and if it doesn't have an PAM plugin we should write it :-) Costin
