Re: Using JNDIRealm with password digesting and openldap

2002-02-05 Thread Craig R. McClanahan



On Mon, 4 Feb 2002 [EMAIL PROTECTED] wrote:

 Date: Mon, 4 Feb 2002 16:59:21 +0100
 From: [EMAIL PROTECTED]
 Reply-To: Tomcat Users List [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Using JNDIRealm with password digesting and openldap

 **
 This email and any files transmitted with it are confidential and
 intended solely for the use of the individual or entity to whom they
 are addressed. If you have received this email in error please notify
 the system manager.

 **

 Hi,

 I'm trying to use tomcat's JNDIRealm with OpenLDAP. I've converted my
 passwords to digest format in the LDAP directory instead of plain text.

 Apparently, tomcat only accepts hex formatted passwords where openLDAP
 provides passwords of the format
 {crypt}XXX where crypt = { SHA, MD, ... } and XXX is a base64 encoded
 integer.

 Is there a way to configure tomcat to accept this format of passwords? If
 so does this require any recompilation of
 tomcat?


Supporting passwords in this format (with the leading {foo} prefix) is
high on my TODO list of enhancements for JNDIRealm -- along with other
improvements -- but it hasn't been done yet.

 Thanks for your help,

 --  Dirk


Craig


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




Using JNDIRealm with password digesting and openldap

2002-02-04 Thread dirk . dussart

Hi,

I'm trying to use tomcat's JNDIRealm with OpenLDAP. I've converted my
passwords to digest format in the LDAP directory instead of plain text.

Apparently, tomcat only accepts hex formatted passwords where openLDAP
provides passwords of the format
{crypt}XXX where crypt = { SHA, MD, ... } and XXX is a base64 encoded
integer.

Is there a way to configure tomcat to accept this format of passwords? If
so does this require any recompilation of
tomcat?

Thanks for your help,

--  Dirk






Re: Using JNDIRealm with password digesting and openldap

2002-02-04 Thread John Holman

Dirk

This isn't possible with the current JNDIRealm in Tomcat 4, though you
could probably specify the appropriate digest algorithm and
hack the Tomcat code to disregard the {crypt} prefix returned from OpenLDAP.

A much cleaner solution is to have the JNDIRealm authenticate by binding
to the directory as the user,
in which case it doesn't matter how the password is stored in the
directory. I submitted a patch
for JNDIRealm to the tomcat-dev list last week which supports this, and you
could consider giving that a try. This assumes that you
are using HTTP basic authentication or form-based login, not HTTP digest
authentication.

John.



At 15:59 04/02/02, you wrote:
Hi,

I'm trying to use tomcat's JNDIRealm with OpenLDAP. I've converted my
passwords to digest format in the LDAP directory instead of plain text.

Apparently, tomcat only accepts hex formatted passwords where openLDAP
provides passwords of the format
{crypt}XXX where crypt = { SHA, MD, ... } and XXX is a base64 encoded
integer.

Is there a way to configure tomcat to accept this format of passwords? If
so does this require any recompilation of
tomcat?

Thanks for your help,

--  Dirk


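
The format mismatch discussed in this thread, as an added example that is not part of any message above and is not Tomcat or OpenLDAP code: it parses a `{SCHEME}base64` userPassword value, re-encodes an unsalted digest as the hex string a hex-only comparison expects, and verifies a candidate password. The function names and the sample value are constructed for illustration, and the salted `{SSHA}`/`{SMD5}` handling goes beyond the case raised in the thread.

```python
import base64
import hashlib
import hmac

# Scheme name -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
}

def parse_userpassword(value):
    """Split '{SCHEME}base64' into (scheme, digest bytes, salt bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {scheme} prefix; value may be plain text")
    scheme, _, b64 = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    _, length, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < length or (not salted and len(raw) != length):
        raise ValueError("digest length does not match scheme")
    # For salted schemes the salt is appended after the digest.
    return scheme, raw[:length], raw[length:]

def to_hex(value):
    """Hex form of an unsalted digest, as a hex-only comparison would need."""
    _, digest, salt = parse_userpassword(value)
    if salt:
        raise ValueError("salted digest cannot be matched by a plain hex digest")
    return digest.hex()

def verify(candidate, value):
    """Constant-time check of a candidate password against the stored value."""
    scheme, digest, salt = parse_userpassword(value)
    algo = SCHEMES[scheme][0]
    computed = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)

# Constructed sample: the password "secret" in the {SHA} storage form.
SAMPLE = "{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode()
```

A salted value has no fixed hex equivalent, which is one reason binding to the directory as the user, as suggested above, avoids the format question entirely.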