There are actually instructions for encrypting (actually hashing, aka digesting) passwords on the InstallationGuide page of the wiki. Basically, you need to shut down, run the (provided) Java utility to encrypt (hash) passwords for existing users, set the realm config digest algorithm and restart. Ping the list if you need help.

You should be aware of the following caveat however.

The dev team decided to change the default for Roller 1.2 so as not to encrypt (hash) passwords because it is expected that we will be upgrading in the future to support HTTP Digest Authentication, which requires storing either the plaintext, some reversible encrypted form, or the specific hash that works with the Digest Auth algorithm; encrypting (hashing) now with the current scheme may require you to reset all passwords to known values in the future when we do this; I'm not sure how painless we'll be able to make that transition.

--a.
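
The two constraints discussed in this thread, as an added Python example (not Roller or Tomcat code): a realm configured with a digest hashes the submitted password before comparing, so cleartext rows stop matching, and an MD5 of the password alone cannot verify an RFC 2617 Digest response, which needs the plaintext or MD5(user:realm:password). The user, realm, password, nonce and URI are constructed sample values, and `realm_check` is a simplified model of the comparison, not Tomcat's implementation.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread).
USER, REALM, PASSWORD = "bob", "Roller", "constructed-pass-1"
NONCE, METHOD, URI = "c0nstructedn0nce", "GET", "/roller/"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def realm_check(stored, submitted, digest=None):
    """Simplified model of a realm checking a form/basic login against the stored column."""
    if digest is None:
        return stored == submitted           # no digest configured: compare as stored
    hashed = hashlib.new(digest.lower(), submitted.encode("utf-8")).hexdigest()
    return stored.lower() == hashed          # digest configured: hash input, then compare

def response_from_ha1(ha1):
    """RFC 2617 Digest response (no qop) for the sample nonce, method and URI."""
    ha2 = md5_hex(f"{METHOD}:{URI}")
    return md5_hex(f"{ha1}:{NONCE}:{ha2}")

def client_response(password):
    """What a client that knows the password sends."""
    return response_from_ha1(md5_hex(f"{USER}:{REALM}:{password}"))

def server_verify(stored, form, response):
    """Recompute the response from what is on file; form is 'plaintext', 'ha1' or 'md5'."""
    # Only plaintext or HA1 lets the server rebuild HA1. A bare MD5(password)
    # can only be tried as-is, and it is a different value.
    ha1 = md5_hex(f"{USER}:{REALM}:{stored}") if form == "plaintext" else stored
    return hmac.compare_digest(response_from_ha1(ha1), response)

def demo():
    resp = client_response(PASSWORD)
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    return {
        "cleartext row, no digest": realm_check(PASSWORD, PASSWORD),
        "cleartext row, digest=MD5": realm_check(PASSWORD, PASSWORD, "MD5"),
        "hashed row, digest=MD5": realm_check(md5_hex(PASSWORD), PASSWORD, "MD5"),
        "digest auth, plaintext stored": server_verify(PASSWORD, "plaintext", resp),
        "digest auth, HA1 stored": server_verify(ha1, "ha1", resp),
        "digest auth, MD5(password) stored": server_verify(md5_hex(PASSWORD), "md5", resp),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```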



----- Original Message -----
From: "Bob Myers" <[EMAIL PROTECTED]>
To: "'Anil Gangolli'" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Saturday, August 27, 2005 10:18 AM
Subject: RE: Trouble with logging in once account is created


That worked like a charm.  I'm using the Tomcat Web Server Administration
Tool to set everything up and it didn't allow for the removal of the
attribute.  If I hit save in the interface it will come back.  Now that
you've got me working how do I get it to work with a digested password?

Profuse thanks already, this is just gravy
-Bob

-----Original Message-----
From: Anil Gangolli [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 27, 2005 9:42 AM
To: [email protected]; [EMAIL PROTECTED]
Subject: Re: Trouble with logging in once account is created



Try leaving the "digest" parameter out of the configuration entirely.
--a.

----- Original Message -----
From: "Bob Myers" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 26, 2005 11:49 PM
Subject: Trouble with logging in once account is created


I'm running roller 1.2 with Tomcat/5.0.28 and MySQL 4.1.13a-nt.  I've got it
up and running but I can't log in after I've created an account.  When I
check the rolleruser database table the passwords are stored in clear text.
However when I leave the Digest Algorithm for the JDBCRealm blank, so it
works in clear text, I get this output in the log file:

2005-08-24 00:24:42 StandardHost[localhost]: Error deploying application at context path null
java.lang.IllegalStateException: ContainerBase.addChild: start: LifecycleException:  Invalid message digest algorithm  specified: java.security.NoSuchAlgorithmException:  MessageDigest not available
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
at org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.java:76)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown
 ---------- cropped for sanity ------------

The above output is followed by zero functionality of my roller site.

So then I set the Digest Algorithm setting to MD5 or SHA and I can't log in.
I get the feeling it is using the algorithm to match the stored clear text
password and failing.  I'm not sure how to get the app to store the digested
password instead of the clear text.

Any ideas?

Thanks for any help you can provide,
-Bob Myers



