> On Feb 6, 2009, at 9:22 AM, BUSCH Steffen wrote:
>
> > Thanks Scott, I think I'm aware of 80 % of the passwords and can
> > regenerate them.
> > As I'm having several external password files with the old base64
> > encoded passwords for different web-apps, it would be great if you could
> > advise how to set the backward compatibility flag for those web-apps
> > where it would be difficult for me to regenerate the passwords.
>
> It should just be "old-encoding", although you might need to change the
> config to look like:
>
> <password-digest old-encoding="true" algorithm="MD5" />.
>
> -- Scott

I've added the <password-digest old-encoding="true" algorithm="MD5" />, but it was not immediately working.
So I've added to my utility class

    digest.setOldEncoding(Boolean.valueOf(args[3]));

and generated the Digest Password with old-encoding enabled:

    java com.example.Digest31 myuser mypassword none true
    Preparing Password 'mypassword' for User 'myuser' with realm 'none'
    Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3=='

This nearly matches the 2.1.14 password:

    Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3'

Now I just added the two additional "==" to my referenced passwords.xml file and it works (after changing role='r1,r2,r3' to roles='r1,r2,r3').

Steffen

> > Thanks,
> > Steffen
> >
> >>> I used to have the following configuration in Resin 2.1.14
> >>>
> >>> <authenticator>
> >>>   <class-name>com.caucho.http.security.XmlAuthenticator</class-name>
> >>>   <init-param password-digest='MD5-base64'/>
> >>>   <init-param path='/home/stbu/passwords.xml' />
> >>> </authenticator>
> >>>
> >>> The passwords in the referenced file passwords.xml are for example
> >>> like this:
> >>>
> >>> <authenticator>
> >>>   <user name='myuser' password='cXSMXbxTmOz7Hv4lcVvrC3' role='resin' />
> >>> </authenticator>
> >>>
> >>> In 3.1 I have configured it as follows:
> >>>
> >>> <authenticator type="com.caucho.server.security.XmlAuthenticator">
> >>>   <init>
> >>>     <password-digest>MD5-base64</password-digest>
> >>>     <password-digest-realm>none</password-digest-realm>
> >>>     <path>/home/stbu/passwords.xml</path>
> >>>   </init>
> >>> </authenticator>
> >>>
> >>> => I knew that the default realm is "resin", so I've set it explicitly
> >>> to "none" so that I could reuse my old passwords.
> >>> But trying to login with the Username and Passwords is now rejected.
> >>>
> >>> The passwords used for 2.1.14 have been generated with this utility
> >>> class:
> >>>
> >>> <CODE>
> >>> package com.example;
> >>>
> >>> import com.caucho.http.security.PasswordDigest;
> >>> import javax.servlet.*;
> >>>
> >>> public class Digest {
> >>>     // Usage: java com.example.Digest <user> <password>
> >>>     public static void main(String args[]) throws ServletException {
> >>>         PasswordDigest digest = new PasswordDigest();
> >>>         digest.setAlgorithm("MD5");
> >>>         digest.setFormat("base64");
> >>>
> >>>         System.out.println("Preparing Password '" + args[1] +
> >>>                            "' for User '" + args[0] + "'");
> >>>         String password = digest.getPasswordDigest(args[0], args[1]);
> >>>         System.out.println("Digest Password: '" + password + "'");
> >>>     }
> >>> }
> >>> </CODE>
> >>>
> >>> java com.example.Digest myuser mypassword
> >>> Preparing Password 'mypassword' for User 'myuser'
> >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3'
> >>>
> >>> In order to investigate why the login is rejected, I extended the
> >>> utility class to allow the specification of the realm and used the 3.1
> >>> Jars of Resin to generate the password for a user and compare them
> >>>
> >>> <CODE>
> >>> package com.example;
> >>>
> >>> import com.caucho.http.security.PasswordDigest;
> >>> import javax.servlet.*;
> >>>
> >>> public class Digest31 {
> >>>     // Usage: java com.example.Digest31 <user> <password> <realm>
> >>>     public static void main(String args[]) throws ServletException {
> >>>         PasswordDigest digest = new PasswordDigest();
> >>>         digest.setAlgorithm("MD5");
> >>>         digest.setFormat("base64");
> >>>         digest.setRealm(args[2]);
> >>>
> >>>         System.out.println("Preparing Password '" + args[1] +
> >>>                            "' for User '" + args[0] + "'" +
> >>>                            " with realm '" + args[2] + "'");
> >>>         String password = digest.getPasswordDigest(args[0], args[1]);
> >>>         System.out.println("Digest Password: '" + password + "'");
> >>>     }
> >>> }
> >>> </CODE>
> >>>
> >>> java com.example.Digest31 myuser mypassword none
> >>> Preparing Password 'mypassword' for User 'myuser' with realm 'none'
> >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrtw=='
> >>>
> >>> BTW: The same result is achieved when using the "Calculate Digest" on
> >>> the Login Page of /resin-admin.
> >>>
> >>> The passwords look similar, but they are actually not the same - so
> >>> the rejection is clear.
> >>> 2.1: 'cXSMXbxTmOz7Hv4lcVvrC3'
> >>> 3.1: 'cXSMXbxTmOz7Hv4lcVvrtw=='
> >>>
> >>> Has anybody else got such problems and figured out how to solve it?
> >>> I don't know how I have to set the init values for the XmlAuthenticator
> >>> in order to get the old passwords working.
> >>>
> >>> Thanks in advance
> >>> Steffen

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
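Added example, not part of the original thread and not Resin's code: the two values quoted above differ only in how the 16th digest byte is written, so a stored 2.1-style value can be converted to standard base64 without knowing the password. The tail rule is an assumption inferred from the single pair of values in this thread, and the function names are hypothetical.

```python
import base64

# Standard base64 alphabet; the index of a character is its 6-bit value.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def legacy_to_digest(value: str) -> bytes:
    """Recover the 16 MD5 bytes from a legacy (2.1-style) digest string."""
    body = value.rstrip("=")  # 3.1 with old-encoding expects a trailing "=="
    if len(body) != 22:
        raise ValueError("expected 22 base64 characters for a 16-byte digest")
    head, tail = body[:20], body[20:]
    # Assumption inferred from the thread: the last byte b was written as two
    # right-aligned sextets (b >> 6, b & 0x3f) instead of the standard
    # (b >> 2, (b & 3) << 4).
    last = (B64.index(tail[0]) << 6) | B64.index(tail[1])
    if last > 0xFF:
        raise ValueError("tail does not fit in one byte: not a legacy value")
    return base64.b64decode(head) + bytes([last])


def digest_to_legacy(digest: bytes, pad: bool = False) -> str:
    """Encode 16 digest bytes the legacy way; pad=True adds the '=='."""
    if len(digest) != 16:
        raise ValueError("expected a 16-byte MD5 digest")
    head = base64.b64encode(digest[:15]).decode("ascii")
    last = digest[15]
    return head + B64[last >> 6] + B64[last & 0x3F] + ("==" if pad else "")


def legacy_to_standard(value: str) -> str:
    """Convert a legacy digest string to standard base64."""
    return base64.b64encode(legacy_to_digest(value)).decode("ascii")


if __name__ == "__main__":
    old = "cXSMXbxTmOz7Hv4lcVvrC3"  # 2.1.14 value quoted in the thread
    print(legacy_to_standard(old))  # value a 3.1 config without old-encoding expects
    # Caveat: a standard value whose last byte is below 0x10 also passes the
    # range check, so run this only on files known to hold legacy values.
```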