How to decrypt the DIGEST authentication? 2007-11-04 - By Mark Thomas
zhongliang zhang wrote:
> Hi, Mark,
> I have to turn to you again.
> I encounter the problem with configuring the Digested-Password in the JDBCRealm.
> The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as follows:
> <Realm className="org.apache.catalina.realm.JDBCRealm"
>        driverName="com.mysql.jdbc.Driver"
>        connectionURL="jdbc:mysql://localhost/test"
>        connectionName="root" connectionPassword="root"
>        userTable="users" userNameCol="user_name" userCredCol="user_pass"
>        userRoleTable="user_roles" roleNameCol="role_name" />
> and in the $TOMCAT_HOME/conf/web.xml, I did the following security-constraint:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>all</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>customized</role-name>
>   </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>DIGEST</auth-method>
>   <realm-name>JDBCRealm</realm-name>
> </login-config>
> it works with mysql database which is just for testing. Now in my database table users, I insert a record:
> user_name:zhangzhongl
> user_pass:zhangzhongl
> and in the database table, I insert a record:
> role_name:customized
> username:zhangzhongl
> So, it works before I added the digest attribute to the <Realm> element with value "SHA" or "MD5".

OK, so far so good. DIGEST auth is working with cleartext passwords stored in the database.

> After I added the digest attribute,
> I copied the tomcat-juli.jar from $TOMCAT_HOME/bin to $TOMCAT_HOME/lib, then start up,

Not sure why you needed to do this.

> after I entered the username zhangzhongl and clear-text password
> (Now, in the database, I stored the password with SHA encrypted form),
> it does now work, which means I can not enter the tomcat welcome page.

I assume you mean it doesn't work here. OK. The important thing is how you generated the SHA encrypted password. To use DIGEST *and* digested passwords you need to do:

java org.apache.catalina.realm.RealmBase -a {algorithm} {username}:{realm}:{cleartext-password}

For your example, assuming a password of secret:

java org.apache.catalina.realm.RealmBase -a SHA1 zhangzhongl:JDBCRealm:secret

Note this should all be on the same line.
Full details at http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords
HTH,
Mark

> I do not know what the reason is.
> Please do me a favor.
> Thanks so much!
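
Added example (not part of the original message and not Tomcat's code): a Python model of the RFC 2617 DIGEST check, showing why the stored credential has to be the digest of {username}:{realm}:{cleartext-password} and not of the password alone. It assumes MD5, the algorithm RFC 2617 uses for the response, and that the server uses the stored column value directly as HA1; the function names and the nonce/cnonce values are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_credential(username: str, realm: str, password: str) -> str:
    """Value for the user_pass column: hex digest of username:realm:password."""
    return md5_hex(f"{username}:{realm}:{password}")


def client_response(username, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth") -> str:
    """What the browser sends; it derives HA1 from the cleartext password."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored, response, method, uri, nonce, nc, cnonce,
                   qop="auth") -> bool:
    """Server side (assumption: the stored value is used as HA1 unchanged)."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)


# Constructed sample values matching the thread's user and realm name.
USER, REALM, PASSWORD = "zhangzhongl", "JDBCRealm", "secret"
CHALLENGE = dict(method="GET", uri="/", nonce="constructed-nonce",
                 nc="00000001", cnonce="constructed-cnonce")


def demo():
    """Return (accepted with user:realm:password digest, accepted with bare digest)."""
    response = client_response(USER, REALM, PASSWORD, **CHALLENGE)
    good = stored_credential(USER, REALM, PASSWORD)
    bad = md5_hex(PASSWORD)  # digest of the password alone
    return (server_accepts(good, response, **CHALLENGE),
            server_accepts(bad, response, **CHALLENGE))


if __name__ == "__main__":
    print(demo())
```

Because the realm name is part of the digested string, changing `<realm-name>` in web.xml invalidates every stored credential.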