Posted to users@tomcat.apache.org by digby <li...@digby.net> on 2006/04/28 00:48:10 UTC
auth-mode=DIGEST and MD5 digested passwords
Is there anything to be aware of when (confusingly) you're doing DIGEST
authentication with a standard JDBC realm using MD5 digested passwords?
I've just tried changing an existing app with BASIC authentication to
DIGEST and it stopped authenticating me. I tried all sorts of web.xml
combinations but nothing worked until I put it back to BASIC.
My app worked in development when I was using tomcat-users.xml to
authenticate (so no MD5 digest) - that's what makes me wonder if it's
the DIGEST/digest.
Thanks in advance,
Digby
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: auth-mode=DIGEST and MD5 digested passwords
Posted by lunarfish <da...@lunarfish.co.uk>.
Hi Mark.
Thanks for the swift response. I've just upgraded to 5.5.26 (5 minutes ago)
and the digest auth is all working with the newer release. I guess it may
just have been broken in 5.0.28.
Cheers. Dan
--
View this message in context: http://www.nabble.com/auth-mode%3DDIGEST-and-MD5-digested-passwords-tp4131183p17126389.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: auth-mode=DIGEST and MD5 digested passwords
Posted by Mark Thomas <ma...@apache.org>.
lunarfish wrote:
> Hi Mark - I appear to have the same issue here.
>
> What I've done is changed the default UserDatabase realm, added digest='MD5'
> and digested the passwords in the file. This works fine.
>
> I've then changed web.xml to DIGEST authentication and re-digested the
> passwords as user:UserDatabase:password (as per the doc linked below) and
> this doesn't work. Is there anywhere I can look to debug this?
Realm name needs to be the same as set in the login-config section in
web.xml. It is *not* related to the Tomcat realm class name. If you don't
set it it defaults to the hostname (I think). Some browsers display the
realm in the login box they present to the user.
Mark
Re: auth-mode=DIGEST and MD5 digested passwords
Posted by lunarfish <da...@lunarfish.co.uk>.
Hi Mark - I appear to have the same issue here.
What I've done is changed the default UserDatabase realm, added digest='MD5'
and digested the passwords in the file. This works fine.
I've then changed web.xml to DIGEST authentication and re-digested the
passwords as user:UserDatabase:password (as per the doc linked below) and
this doesn't work. Is there anywhere I can look to debug this?
What the doc doesn't explain is what you do with the digests. I am assuming
that the digest generated by org.apache.catalina.realm.RealmBase is what you
store in tomcat-users.xml as the password.
I'm using Tomcat 5.0.28 on Windows at the moment for development.
Thanks. Dan
markt-2 wrote:
>
> If you switch from BASIC auth + MD5 digested password in realm to DIGEST
> auth + MD5 digested password in realm then you will need to regenerate
> the digests.
>
> In the BASIC auth + digested passwords case you digest:
> password
>
> In the DIGEST auth + digested passwords case you digest:
> username:realm:cleartext-password
>
> The realm is as specified in web.xml or, if not specified, host:port
>
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
> explains this fully.
>
Re: auth-mode=DIGEST and MD5 digested passwords
Posted by digby <li...@digby.net>.
Great - thanks a lot for that. I'll have a read up, but it's obviously
going to be hard recoding the digested passwords when I don't know the
original.
Mark Thomas wrote:
> digby wrote:
>> Is there anything to be aware of when (confusingly) you're doing DIGEST
>> authentication with a standard JDBC realm using MD5 digested passwords?
>>
>> I've just tried changing an existing app with BASIC authentication to
>> DIGEST and it stopped authenticating me. I tried all sorts of web.xml
>> combinations but nothing worked until I put it back to BASIC.
>
> If you switch from BASIC auth + MD5 digested password in realm to DIGEST
> auth + MD5 digested password in realm then you will need to regenerate
> the digests.
>
> In the BASIC auth + digested passwords case you digest:
> password
>
> In the DIGEST auth + digested passwords case you digest:
> username:realm:cleartext-password
>
> The realm is as specified in web.xml or, if not specified, host:port
>
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
> explains this fully.
>
> HTH,
>
> Mark
Re: auth-mode=DIGEST and MD5 digested passwords
Posted by Mark Thomas <ma...@apache.org>.
digby wrote:
> Is there anything to be aware of when (confusingly) you're doing DIGEST
> authentication with a standard JDBC realm using MD5 digested passwords?
>
> I've just tried changing an existing app with BASIC authentication to
> DIGEST and it stopped authenticating me. I tried all sorts of web.xml
> combinations but nothing worked until I put it back to BASIC.
If you switch from BASIC auth + MD5 digested password in realm to DIGEST
auth + MD5 digested password in realm then you will need to regenerate
the digests.
In the BASIC auth + digested passwords case you digest:
password
In the DIGEST auth + digested passwords case you digest:
username:realm:cleartext-password
The realm is as specified in web.xml or, if not specified, host:port
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
explains this fully.
HTH,
Mark
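Added example, not part of the original thread and not Tomcat's own code: the two points made above (the stored digest format differs between BASIC and DIGEST, and the realm must be the realm-name from web.xml, not the realm class name) checked against the RFC 2617 response calculation. It assumes the server uses the stored digest directly as RFC 2617's HA1, which is what the username:realm:password format implies; the user, password, realm name and nonce values are constructed.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_for_basic(password: str) -> str:
    """BASIC auth + digested passwords: the realm stores MD5(password)."""
    return md5_hex(password)

def stored_for_digest(username: str, realm: str, password: str) -> str:
    """DIGEST auth + digested passwords: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")

def browser_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """What the client sends (RFC 2617, qop=auth); realm comes from the challenge."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_accepts(stored, response, method, uri, nonce, nc, cnonce) -> bool:
    """The server never sees the password; it uses the stored digest as HA1."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)

def run_cases() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password = "dan", "correct horse"
    webxml_realm = "Example Realm"  # hypothetical <realm-name> in login-config
    req = ("GET", "/app/index.jsp", "constructed-nonce", "00000001",
           "constructed-cnonce")
    response = browser_response(user, webxml_realm, password, *req)
    candidates = {
        "md5(password), left over from BASIC": stored_for_basic(password),
        "md5(user:UserDatabase:password)":
            stored_for_digest(user, "UserDatabase", password),
        "md5(user:<realm-name>:password)":
            stored_for_digest(user, webxml_realm, password),
    }
    return {label: server_accepts(stored, response, *req)
            for label, stored in candidates.items()}

if __name__ == "__main__":
    for label, ok in run_cases().items():
        print(f"{label:40} -> {'accepted' if ok else 'rejected'}")
```

Only the digest built with the realm-name the browser was challenged with is accepted, and because MD5(password) cannot be turned into MD5(username:realm:password) without the cleartext, existing users need their passwords reset when moving from BASIC to DIGEST.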