How to produce the hashed password when using auth-method DIGEST?
Everything works with cleartext passwords using the following login-config
in web.xml:
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>DIGLLOYD.COM</realm-name>
</login-config>
and in context.xml:
<Realm className="org.apache.catalina.realm.JDBCRealm"
       connectionName="test"
       connectionPassword="test123"
       connectionURL="jdbc:mysql://localhost/test"
       driverName="com.mysql.jdbc.Driver"
       userTable="UserAuth" userNameCol="username"
       userCredCol="password"
       userRoleTable="UserRole" roleNameCol="role" />
Now I want to add attribute digest="SHA" to the <Realm> above. What
value to insert for the password in the database? Following the Tomcat
6 docs, I tried inserting the value produced by the following:
String credentials = username + ":" + "DIGLLOYD.COM" + ":" + password;
org.apache.catalina.realm.RealmBase.Digest( credentials, "SHA", null);
(http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html)
I've verified that the DB contains the hash values produced by Digest().
It isn't working; all attempts to login fail.
Help is greatly appreciated.
Lloyd Chambers
http://diglloyd.com
[Mac OS X 10.5.2 Intel, Tomcat 6.0.16]
On Apr 22, 2008, at 9:37 AM, Mark Thomas wrote:
> DIGLLOYD INC wrote:
>> Is the realm the <realm-name> specified in the <login-config> in
>> web.xml? (e.g. "Tomcat Manager Application")
>
> Yes.
>
>> (link above) suggest "localhost:80" might be the realm, but that
>> makes no sense to me, as this would tie it to a specific port.
>
> That is the default you get if you don't specify one.
>
>> The book I have -- "Tomcat, The Definitive Guide, 2nd Edition" is
>> in conflict with the above documentation, making no mention of
>> digesting with the username and realm. The book suggests doing:
>> bin/digest.sh -a MD5 user-password
>
> As do the docs. This is for digested passwords with BASIC or FORM
> auth.
>
>> But the tomcat 6 docs referenced above suggest doing:
>> bin/digest.sh -a MD5 username:realm-name:password
>
> This is for digested passwords with DIGEST auth.
>
>> --obviously very different approaches!
>
> Because they have different uses.
>
> Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
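
The two digest inputs discussed in this thread, checked against an HTTP Digest exchange. This is an added example, not code from the thread or from Tomcat; it is written in Python rather than Java so it runs without the Tomcat jars, the function names are hypothetical, and the sample exchange is the published one from RFC 2617 section 3.5. RFC 2617 builds the client's response from MD5(username:realm:password), so the sketch also shows that a SHA-1 digest of the same string cannot reproduce that response.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_for_basic_or_form(password, algorithm="md5"):
    # Same input as `digest.sh -a MD5 user-password`: the password alone.
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()

def stored_for_digest_auth(username, realm, password, algorithm="md5"):
    # Same input as `digest.sh -a MD5 username:realm-name:password`.
    a1 = f"{username}:{realm}:{password}"
    return hashlib.new(algorithm, a1.encode("utf-8")).hexdigest()

def expected_response(stored, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617, qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:HA2),
    # with HA1 = MD5(username:realm:password) and HA2 = MD5(method:uri).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(stored, client_response, request):
    # The server never sees the password, only the stored value from the DB.
    expected = expected_response(stored, **request)
    return hmac.compare_digest(expected, client_response)

# Sample exchange from RFC 2617 section 3.5 (not taken from the thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
REQUEST = {
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
}
CLIENT_RESPONSE = "6629fae49393a05397450978507c4ef1"

def check_candidates():
    # Three values someone might put in the userCredCol column.
    candidates = {
        "MD5(user:realm:password)": stored_for_digest_auth(USER, REALM, PASSWORD),
        "SHA-1(user:realm:password)": stored_for_digest_auth(USER, REALM, PASSWORD, "sha1"),
        "MD5(password)": stored_for_basic_or_form(PASSWORD),
    }
    return {name: verify(value, CLIENT_RESPONSE, REQUEST)
            for name, value in candidates.items()}

if __name__ == "__main__":
    for name, ok in check_candidates().items():
        print(f"{name:28} -> {'login ok' if ok else 'login fails'}")
```

Only the MD5 digest of username:realm:password verifies; the realm string must match the `<realm-name>` in web.xml exactly.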