>
> On Feb 6, 2009, at 9:22 AM, BUSCH Steffen wrote:
>
> >
> > Thanks Scott, I think I'm aware of 80 % of the passwords and can
> > regenerate them.
> > As I'm having several external passwords files with the old base64
> > encoded passwords for different web-apps, it would be great if you
> > could
> > advise how to set the backward compatibility flag for those web-apps
> > where it would be difficult for me to regenerate the passwords.
>
> It should just be "old-encoding", althout you might need to
> change the
> config to look like:
>
> <password-digest old-encoding="true" algorithm="MD5" />.
>
> -- Scott
>
I've added the <password-digest old-encoding="true" algorithm="MD5" />,
but it was not immediately working.
So I've added to my utility class
digest.setOldEncoding(Boolean.valueOf(args[3]));
and generated the Digest Password with old-encoding enabled:
java com.example.Digest31 myuser mypassword none true
Preparing Password 'mypassword' for User 'myuser' with realm 'none'
Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3=='
This nearly matches the 2.1.14 password:
Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3'
Now I just added the two additional "==" to my referenced passwords.xml
file and it works (after changing role='r1,r2,r3' to roles='r1,r2,r3').
Steffen
> >
> >
> > Thanks,
> > Steffen
> >
> >
> >>>
> >>>
> >>>
> >>> I used to have the following configuration in Resin 2.1.14
> >>>
> >>> <authenticator>
> >>> <class-name>com.caucho.http.security.XmlAuthenticator</class-name>
> >>> <init-param password-digest='MD5-base64'/>
> >>> <init-param path='/home/stbu/passwords.xml' />
> >>> </authenticator>
> >>>
> >>>
> >>> The passwords in the referenced file passwords.xml are for example
> >>> like
> >>> this:
> >>>
> >>> <authenticator>
> >>> <user name='myuser' password='cXSMXbxTmOz7Hv4lcVvrC3'
> >> role='resin' />
> >>> </authenticator>
> >>>
> >>>
> >>> In 3.1 I have configured it as follows:
> >>>
> >>> <authenticator type="com.caucho.server.security.XmlAuthenticator">
> >>> <init>
> >>> <password-digest>MD5-base64</password-digest>
> >>> <password-digest-realm>none</password-digest-realm>
> >>> <path>/home/stbu/passwords.xml</path>
> >>> </init>
> >>> </authenticator>
> >>>
> >>> => I knew that the default realm is "resin", so I've set it
> >> explicitly
> >>> to "none" so that I could reuse my old passwords.
> >>> But trying to login with the Username and Passwords are now
> >> rejected.
> >>>
> >>>
> >>> The password used for 2.1.14 have been generated with this utility
> >>> class:
> >>>
> >>> <CODE>
> >>> package com.example;
> >>>
> >>> import com.caucho.http.security.PasswordDigest;
> >>> import javax.servlet.*;
> >>>
> >>> public class Digest {
> >>> public static void main(String args[]) throws
> >>> ServletException {
> >>> PasswordDigest digest = new PasswordDigest();
> >>> digest.setAlgorithm("MD5");
> >>> digest.setFormat("base64");
> >>>
> >>> System.out.println("Preparing Password '" +
> >> args[1] +
> >>> "'
> >>> for User '" + args[0] + "'");
> >>> String password = digest.getPasswordDigest(args[0],
> >>> args[1]);
> >>> System.out.println("Digest Password: '" +password +
> >>> "'");
> >>> }
> >>> }
> >>> </CODE>
> >>>
> >>> java com.example.Digest myuser mypassword
> >>> Preparing Password 'mypassword' for User 'myuser'
> >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3'
> >>>
> >>>
> >>> In order to investigate why the login is rejected, I extended the
> >>> utility class to allow the specification of the realm and
> >> used the 3.1
> >>> Jars of Resin to generate the password for a user and compare them
> >>>
> >>> <CODE>
> >>> package com.example;
> >>>
> >>> import com.caucho.http.security.PasswordDigest;
> >>> import javax.servlet.*;
> >>>
> >>> public class Digest31 {
> >>> public static void main(String args[]) throws
> >>> ServletException {
> >>> PasswordDigest digest = new PasswordDigest();
> >>> digest.setAlgorithm("MD5");
> >>> digest.setFormat("base64");
> >>> digest.setRealm(args[2]);
> >>>
> >>> System.out.println("Preparing Password '" +
> >> args[1] +
> >>> "'
> >>> for User '" + args[0] + "'" + " with realm '" + args[2] + "'");
> >>> String password = digest.getPasswordDigest(args[0],
> >>> args[1]);
> >>> System.out.println("Digest Password: '" +password +
> >>> "'");
> >>> }
> >>> }
> >>> </CODE>
> >>>
> >>> java com.example.Digest31 myuser mypassword none
> >>> Preparing Password 'mypassword' for User 'myuser' with
> realm 'none'
> >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrtw=='
> >>>
> >>> BTW: The same result is achieved when using the "Calculate
> >> Digest" on
> >>> the Login Page of /resin-admin.
> >>>
> >>>
> >>> The passwords look similar, but they are actually not the
> >> same - so
> >>> the
> >>> rejection is clear.
> >>> 2.1: 'cXSMXbxTmOz7Hv4lcVvrC3'
> >>> 3.1: 'cXSMXbxTmOz7Hv4lcVvrtw=='
> >>>
> >>>
> >>>
> >>> Has anybody else got such problems and figured out how to
> solve it?
> >>> I don't know how I have to set the init values for the
> >>> XmlAuthenticator
> >>> in order to get the old passwords working.
> >>>
> >>>
> >>> Thanks in advance
> >>> Steffen
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> resin-interest mailing list
> >>> resin-interest@caucho.com
> >>> http://maillist.caucho.com/mailman/listinfo/resin-interest
> >>
> >>
> >>
> >> _______________________________________________
> >> resin-interest mailing list
> >> resin-interest@caucho.com
> >> http://maillist.caucho.com/mailman/listinfo/resin-interest
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > resin-interest mailing list
> > resin-interest@caucho.com
> > http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
