https://bz.apache.org/bugzilla/show_bug.cgi?id=69852
--- Comment #6 from Christopher Schultz <[email protected]> ---

IIRC, this was originally supported because services like LDAP will often return user passwords like {SHA}a1ecb2eb1a33ceb1... and we wanted to be able to support those systems.

I checked the history, and it looks like we have always been using THE algorithm for the credential handler and not adapting to match that of the stored credential. I guess the idea was that the LDAP, etc. server was probably being consistent, so we'd also be consistent and just use the statically-configured algorithm.

I think being able to support multiple digest algorithms would be handy, so I'd be in support of making the modification to explicitly use e.g. SHA1 when {SHA} is found in the credential. But I'd also be strongly in support of everyone migrating from such old algorithms to newer, more secure algorithms.

If you are using a file-based authentication, which it seems like you are, there doesn't seem to be a reason to use multiple different types of hashes in your file. In that case, use the best algorithm you can tolerate and use it consistently.
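The modification discussed in the comment above (pick the digest from the `{SHA}`-style prefix instead of the statically configured algorithm), sketched as an added example that is not part of the bug report and is not Tomcat's code. The prefix table, base64 layout (digest followed by salt), the unprefixed hex fallback and the names `verify` and `make_credential` are assumptions based on the common LDAP `userPassword` convention.

```python
import base64
import hashlib
import hmac

# Prefix -> (hashlib name, salted). Follows the common LDAP userPassword
# convention; this table is an assumption, not Tomcat's own list.
SCHEMES = {
    "{MD5}": ("md5", False),
    "{SHA}": ("sha1", False),
    "{SSHA}": ("sha1", True),
    "{SHA256}": ("sha256", False),
    "{SSHA256}": ("sha256", True),
}
LEGACY = {"md5", "sha1"}  # still verified, but flagged for migration


def verify(password, stored, default_alg="sha256"):
    """Return (matches, algorithm_used, needs_rehash) for one stored credential."""
    pw = password.encode("utf-8")
    end = stored.find("}")
    try:
        if stored.startswith("{") and end > 0:
            scheme, body = stored[: end + 1].upper(), stored[end + 1 :]
            if scheme not in SCHEMES:
                return False, None, False  # unknown scheme: fail closed
            alg, salted = SCHEMES[scheme]
            raw = base64.b64decode(body, validate=True)
            size = hashlib.new(alg).digest_size
            expected, salt = raw[:size], raw[size:]
            if len(expected) != size or bool(salt) != salted:
                return False, alg, False  # wrong length for this scheme
        else:
            # No prefix: use the statically configured algorithm, hex-encoded
            alg, salt = default_alg, b""
            expected = bytes.fromhex(stored)
    except ValueError:  # malformed base64 or hex
        return False, None, False
    actual = hashlib.new(alg, pw + salt).digest()
    ok = hmac.compare_digest(expected, actual)  # constant-time comparison
    return ok, alg, ok and alg in LEGACY


def make_credential(scheme, password, salt=b""):
    """Build a constructed sample credential (test data, not a real account)."""
    alg, _ = SCHEMES[scheme]
    digest = hashlib.new(alg, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")
```

The third return value marks a successful login against an MD5 or SHA-1 credential, which is the point at which a store can be re-hashed with the configured algorithm to carry out the migration the comment recommends.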
