You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@turbine.apache.org by "Lang, Cliff" <cl...@proxicom.com> on 2001/10/17 20:08:59 UTC

TurbineSecurity.encryptPassword -- Does it try an encrpted form on it own? Is it compatible with Unix Crypt?

Does TurbineSecurity.setAuthenticatedUser() try an encrypted form of the
password on it own?  How do you get the salt that was used to encrypt
the original?

I have searched for examples but haven't found any.  Can someone point
me in the right direction?

Thanks,  Cliff

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org

Re: TurbineSecurity.encryptPassword -- Does it try an encrpted form on it own? Is it compatible with Unix Crypt?

Posted by Daniel Rall <dl...@finemaltcoding.com>.

"Lang, Cliff" <cl...@proxicom.com> writes:

> Does TurbineSecurity.setAuthenticatedUser() try an encrypted form of the
> password on it own?  How do you get the salt that was used to encrypt
> the original?
>
> I have searched for examples but haven't found any.  Can someone point
> me in the right direction?

We use a SHA1 hash by default (configurable via TR.props).  This is
not compatible with UNIX crypt().  You could port a crypt() to a
MessageDigest implementation and use that instead of SHA1.

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org