-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Pawel,
On 11/5/19 03:33, Mark Thomas wrote: > On 05/11/2019 00:52, Pawel Veselov wrote: >> Hello. >> >> I'm doing something where I need to generate a password for a >> tomcat user that is authenticated using >> org.apache.catalina.realm.UserDatabaseRealm with "sha" digest, >> the user database is produced by >> org.apache.catalina.users.MemoryUserDatabaseFactory from an xml >> file (standard conf/tomcat-users.xml) >> >> Reading >> https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#Digested_Pa sswords >> I see that it says: >> >> <quote> If you are writing an application that needs to calculate >> digested passwords dynamically, call the static Digest() method >> of the org.apache.catalina.realm.RealmBase class, passing the >> cleartext password, the digest algorithm name and the encoding as >> arguments. This method will return the digested password. >> </quote> >> >> However, there is no static method Digest in >> org.apache.catalina.realm.RealmBase. >> >> What is the proper way to programmatically generate a proper >> password hash? > > See org.apache.catalina.realm.RealmBase.main(String[] args) There is also bin/digest.sh and bin/digest.bat, if you happen to have a package which contains the scripts. Run that command and you'll get some help text. I would highly recommend against using "plain-old SHA-1" signatures. Have a look at this presentation for some hopefully good justification and ideas for making things better: https://tomcat.apache.org/presentations.html#latest-credential-security - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3CAzEACgkQHPApP6U8 pFg++A/+Mpev6LEDPCYDVNzTQYZc9+baSDwH7d4yO3vUweh890VVzkmXqSn4mCnY ti9xMcc1pcXYC18q0Vr65X54H5r/o1PtfIiezhNRJdnVzpOr7uUMINuWV7Tt5heN UIgdc48CmvA4KC2wP7YsnkGi61KU50p2h0N/vCxIrWMFRhE5R/QcH50ruRZPb9g1 FdsiTPgPS7DhIlBs8rY64P/ERwTKAYIPU+Y/zFCCZQlog6XfLpilBF8O7zCOz+ls gHkOx02YaYZs2g5tg1SUEI9fx4Lb5pNsSuq3VuWUM9uylCTYQuvaUeSo4L21T4dP gSvQBRvrPa4ZD/H5aTSWjOI6+1D8pndphxYNPa6NIBnRyTXL0+1hm2IeStzwf+0x Uag9Uwjc67iZKTJd6eLtpzrLoDZpMHYxfmo1KAZe5+LjY3vLFirNAQqpBrjqSjjR bBLCrkIh8Ao1i9s5Yyuol3KAJklZFRhhqOYirO0/upySzxuTo1+8XED28bQIAtcs 3bE4ON1VBwlMrMDRccZmMsdiPBOKmjs/NmvIyrqPL3TXZ5tx7BdeszgMcuAfny6U pZRIqRxtiT8/moTRfBH63F7Qnl5xOuCXetGGq/uFwrCNIyLjK70vfL7y5tjNm3z4 y8csIdM7rC+i83pL4z21m9pHo3OwLr79hTMdN7JlyxF6CpKvF1k= =vTrl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
