Posted to dev@roller.apache.org by Anil Gangolli <an...@busybuddha.org> on 2005/12/04 07:51:11 UTC

hashed passwords and Acegi?

Can I configure something in the Acegi security.xml that allows me to 
use the old encrypted (hashed) passwords?

Is there a way for me to inject my own digesting class if necessary?
--a.


Re: hashed passwords and Acegi?

Posted by Anil Gangolli <an...@busybuddha.org>.
OK.  I checked the RealmBase digest.sh/.bat utility in Tomcat, and it 
produces the same results I currently have in the db, which authenticate 
fine with Acegi, so things appear to be fine, and I'm not sure what 
happened initially.  It may have been user error on my part with 
CAPS-LOCK or something silly.

--a.


Matt Raible wrote:

>On 12/4/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
>>Hmm.  I tried to upgrade my development 2.0 db to 2.1; I had been
>>running with
>>
>>passwds.encryption.enabled=true
>>passwds.encryption.algorithm=SHA
>>
>>which I retained after the upgrade.  After the upgrade the user was
>>unable to login due to authentication failures.  I blew away the db and
>>recreated from scratch, and had no problem.  Could there be a
>>compatibility issue between the form of the digest that Acegi is
>>generating/expecting?
>
>I don't think so - I've had no issues with my 1.2 and 2.0 database
>running with encrypted passwords.  Is it possible there's something in
>the 2.1 upgrade script?  Can you compare your user records before and
>after the upgrade?
>
>Matt
>
>>I'll need to retest.
>>
>>--a.
>>
>>
>>Matt Raible wrote:
>>
>>>On 12/3/05, Anil Gangolli <an...@busybuddha.org> wrote:
>>>
>>>>Can I configure something in the Acegi security.xml that allows me to
>>>>use the old encrypted (hashed) passwords?
>>>
>>>This should already be configured.  If you turn on encrypted passwords
>>>(which I do), it'll use whichever encryption algorithm you specify in
>>>roller.properties.  I'm using SHA, but MD5 is also an option.
>>>
>>>>Is there a way for me to inject my own digesting class if necessary?
>>>
>>>Yes, you should just need to create a class that implements PasswordEncoder.
>>>
>>>http://tinyurl.com/93q78
>>>
>>>Note that we might have to modify RollerContext to handle this.
>>>Currently, it only looks for SHA and MD5.  We might need to make some
>>>modifications to support a full classname instead.
>>>
>>>Hope this helps,
>>>
>>>Matt
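
The comparison described in the message above (a digest utility's output checked against the value stored in the db) can be scripted. This is an added example, not part of the original thread or of Roller's code: it assumes unsalted digests, that `SHA` means SHA-1 as in Java's MessageDigest, and a known test password; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib

# Assumption: the roller.properties names from the thread map to these digests
# ("SHA" is treated as SHA-1, as Java's MessageDigest does).
ALGORITHMS = {"SHA": "sha1", "MD5": "md5"}


def candidate_forms(password, charset="utf-8"):
    """Return {label: text} for every unsalted algorithm/encoding pair."""
    forms = {}
    for name, hashlib_name in ALGORITHMS.items():
        raw = hashlib.new(hashlib_name, password.encode(charset)).digest()
        forms[name + "/hex"] = raw.hex()  # lowercase hex
        forms[name + "/base64"] = base64.b64encode(raw).decode("ascii")
    return forms


def classify_stored(stored, password):
    """Say which digest form a stored value has for a known test password."""
    if stored == password:
        return ("plaintext", "stored without digesting")
    forms = candidate_forms(password)
    for label, digest in forms.items():
        if stored == digest:
            return (label, "exact match")
    # Near misses that make a byte-for-byte comparison fail at login time.
    trimmed = stored.strip()
    for label, digest in forms.items():
        if trimmed == digest:
            return (label, "matches after trimming whitespace")
        if label.endswith("/hex") and trimmed.lower() == digest:
            return (label, "matches ignoring hex case")
        if len(stored) >= 8 and digest.startswith(stored):
            return (label, "truncated value")
    return ("unknown", "no unsalted SHA/MD5 form matches")


if __name__ == "__main__":
    # Constructed sample values standing in for user records read before
    # and after an upgrade; the test password is "password".
    samples = [
        "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8",
        "W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
        "5baa61e4c9b93f3f0682250b6cf8331b",
    ]
    for value in samples:
        print(value, "->", classify_stored(value, "password"))
```

Running it over the same user record exported before and after an upgrade shows whether the stored form changed or only the comparison did.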


Re: hashed passwords and Acegi?

Posted by Matt Raible <mr...@gmail.com>.
On 12/4/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
> Hmm.  I tried to upgrade my development 2.0 db to 2.1; I had been
> running with
>
> passwds.encryption.enabled=true
> passwds.encryption.algorithm=SHA
>
> which I retained after the upgrade.  After the upgrade the user was
> unable to login due to authentication failures.  I blew away the db and
> recreated from scratch, and had no problem.  Could there be a
> compatibility issue between the form of the digest that Acegi is
> generating/expecting?

I don't think so - I've had no issues with my 1.2 and 2.0 database
running with encrypted passwords.  Is it possible there's something in
the 2.1 upgrade script?  Can you compare your user records before and
after the upgrade?

Matt

>
> I'll need to retest.
>
> --a.
>
>
> Matt Raible wrote:
>
> >On 12/3/05, Anil Gangolli <an...@busybuddha.org> wrote:
> >
> >
> >>Can I configure something in the Acegi security.xml that allows me to
> >>use the old encrypted (hashed) passwords?
> >>
> >>
> >
> >This should already be configured.  If you turn on encrypted passwords
> >(which I do), it'll use whichever encryption algorithm you specify in
> >roller.properties.  I'm using SHA, but MD5 is also an option.
> >
> >
> >
> >>Is there a way for me to inject my own digesting class if necessary?
> >>
> >>
> >
> >Yes, you should just need to create a class that implements PasswordEncoder.
> >
> >http://tinyurl.com/93q78
> >
> >Note that we might have to modify RollerContext to handle this.
> >Currently, it only looks for SHA and MD5.  We might need to make some
> >modifications to support a full classname instead.
> >
> >Hope this helps,
> >
> >Matt

Re: hashed passwords and Acegi?

Posted by Anil Gangolli <an...@busybuddha.org>.
Hmm.  I tried to upgrade my development 2.0 db to 2.1; I had been 
running with

passwds.encryption.enabled=true
passwds.encryption.algorithm=SHA

which I retained after the upgrade.  After the upgrade the user was 
unable to login due to authentication failures.  I blew away the db and 
recreated from scratch, and had no problem.  Could there be a 
compatibility issue between the form of the digest that Acegi is 
generating/expecting?

I'll need to retest.

--a.


Matt Raible wrote:

>On 12/3/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
>>Can I configure something in the Acegi security.xml that allows me to
>>use the old encrypted (hashed) passwords?
>
>This should already be configured.  If you turn on encrypted passwords
>(which I do), it'll use whichever encryption algorithm you specify in
>roller.properties.  I'm using SHA, but MD5 is also an option.
>
>>Is there a way for me to inject my own digesting class if necessary?
>
>Yes, you should just need to create a class that implements PasswordEncoder.
>
>http://tinyurl.com/93q78
>
>Note that we might have to modify RollerContext to handle this.
>Currently, it only looks for SHA and MD5.  We might need to make some
>modifications to support a full classname instead.
>
>Hope this helps,
>
>Matt


Re: hashed passwords and Acegi?

Posted by Matt Raible <mr...@gmail.com>.
On 12/3/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
> Can I configure something in the Acegi security.xml that allows me to
> use the old encrypted (hashed) passwords?

This should already be configured.  If you turn on encrypted passwords
(which I do), it'll use whichever encryption algorithm you specify in
roller.properties.  I'm using SHA, but MD5 is also an option.

>
> Is there a way for me to inject my own digesting class if necessary?

Yes, you should just need to create a class that implements PasswordEncoder.

http://tinyurl.com/93q78

Note that we might have to modify RollerContext to handle this. 
Currently, it only looks for SHA and MD5.  We might need to make some
modifications to support a full classname instead.

Hope this helps,

Matt