Hi, I am new to the list. I have been trying to use the JNDIRealm on our System Architecture: Solaris 8 + OpenLDAP. Since moving to a better encryption scheme on Solaris 8 is painful (and mainly undocumented ;-)), we are using the basic crypt algorithm.

Now I have seen a few issues with the RealmBase and obviously the JNDIRealm. First of all, the notion of Salt is not present in the RealmBase. Salt is not tied to Unix Crypt but can be applied to any encryption scheme and is pretty standard. Secondly, when using a custom digest (or not), the comparison of passwords is comparing a Hex value (RealmBase) with the encrypted value found in the backend datastore (LDAP, DB, ...). Basically the comparison never works.

I have worked on a few workarounds and came to these decisions and implemented them:

- It would make sense to add a filtering mechanism (a CredentialFilter XML attribute in a Realm configuration) on the clear and encrypted credential, so you have room to do any kind of manipulation on both entities.
- Add a security package for any custom MessageDigest classes and any JAAS LoginModules and JAAS Configuration classes (in this case, I have a MessageDigest for the Unix Crypt and an XML based JAAS configuration).

Could you give me feedback on these issues?

Thanks
Olivier
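
The two points raised in the message above (an unsalted hex digest never equals the encoded value held in the directory, and the salt has to be recovered from the stored value before comparing) are shown here as an added example, not code from the post or from Tomcat. It assumes a salted SHA-1 value in the OpenLDAP {SSHA} layout rather than Unix crypt; the class name, sample password and salt are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Assumption: stored value is "{SSHA}" + base64(SHA-1(password || salt) || salt).
public class SaltedCredentialCheck {
    // Unsalted digest rendered as hex: the kind of value the post says is compared.
    static String hexDigest(String password) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Build the value a directory would hold for this password and salt.
    static String store(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        byte[] hash = md.digest(salt);               // hashes password || salt
        byte[] out = Arrays.copyOf(hash, hash.length + salt.length);
        System.arraycopy(salt, 0, out, hash.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Salt-aware check: recover the salt from the stored value, recompute, compare bytes.
    static boolean matches(String password, String stored) throws Exception {
        if (!stored.startsWith("{SSHA}")) return false;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(6)); }
        catch (IllegalArgumentException e) { return false; }  // malformed base64
        if (raw.length <= 20) return false;          // 20-byte SHA-1 must be followed by a salt
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(md.digest(salt), Arrays.copyOf(raw, 20));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = {0x5a, 0x13, 0x7c, 0x21};      // constructed sample salt
        String stored = store("s3cret", salt);       // constructed sample password
        System.out.println("stored value:      " + stored);
        System.out.println("hex equals stored: " + hexDigest("s3cret").equals(stored));
        System.out.println("salt-aware match:  " + matches("s3cret", stored));
        System.out.println("wrong password:    " + matches("guess", stored));
    }
}
```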