[ http://issues.apache.org/jira/browse/GERONIMO-1880?page=all ]

Vamsavardhana Reddy closed GERONIMO-1880.
-----------------------------------------

    Fix Version/s: 2.0
       Resolution: Fixed

PropertiesFileLoginModule and SQLLoginModule now support a "digest" option.

Fixed in rev 478545 (trunk) and rev 478547 (branches\1.2).

> To Allow configurable password digests during REALM Deployment.
> ---------------------------------------------------------------
>
>                 Key: GERONIMO-1880
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-1880
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1
>         Environment: Geronimo1.1
>            Reporter: Phani Balaji Madgula
>         Assigned To: Vamsavardhana Reddy
>             Fix For: 1.2, 2.0
>
>
> Hi,
> I observed REALM deployments in TOMCAT, and I feel we should have the same kind of 
> flexibility in specifying password DIGESTs for realms. Tomcat allows a password 
> DIGEST to be specified while declaring a REALM in server.xml.
>  <GlobalNamingResources>
>    <Resource name="PhaniUserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>        description="User database that can be updated and saved"
>            factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>           pathname="conf/tomcat-users-1.xml" />
>  </GlobalNamingResources>
>  <Engine name="Catalina" defaultHost="localhost">
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="UserDatabase"/>
>  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="PhaniUserDatabase" digest="MD5"/>
> </Engine>
> Now, the user can store MD5-digested passwords for the users in the 
> tomcat-users-1.xml file as follows.
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="role2"/>
>   <role rolename="role4"/>
>   <role rolename="role1"/>
>   <role rolename="role3"/>
>   <user username="nag" password="9fdc8b3f3027472d64e26a8e88fa2727" 
> roles="role3,role4"/>
>   <user username="phani" password="c49f410c89f1031f816031ba60215f50" 
> roles="role1,role2"/>
>   <user username="balaji" password="e75c1a66ae406db7d2f451b216b10664" 
> roles="role3,role4"/>
> </tomcat-users>
> If a user accesses any web application that declares security constraints with 
> role1, role2, role3, role4, Tomcat will challenge the user for authentication, 
> where the user needs to specify a userid and clear-text password. Tomcat will 
> digest the supplied password and compare it with what is specified in the 
> file.
> Can we have the same kind of feature in Geronimo also? That is, to specify a DIGEST 
> in the REALM deployment plan.

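The check described in the quoted request (digest the supplied clear-text password, then compare it with the stored value), as an added example that is not code from Geronimo or Tomcat. The class name, the UTF-8 encoding and the sample user are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Map;

// Hypothetical class for illustration; not Geronimo's or Tomcat's implementation.
public class DigestRealmCheck {
    private final String digest;              // "MD5", "SHA-256", ... or null for clear text
    private final Map<String, String> users;  // username -> stored credential

    DigestRealmCheck(String digest, Map<String, String> users) {
        this.digest = digest;
        this.users = users;
    }

    // Hex digest of a password, the form stored in the user file (UTF-8 is an assumption).
    static String digestHex(String algorithm, String password) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Digest the supplied clear-text password, then compare with the stored value.
    boolean authenticate(String user, String supplied) throws NoSuchAlgorithmException {
        String stored = user == null ? null : users.get(user);
        if (stored == null || supplied == null) return false;
        String actual = digest == null ? supplied : digestHex(digest, supplied);
        String expected = digest == null ? stored : stored.toLowerCase(Locale.ROOT);
        // MessageDigest.isEqual does not stop at the first differing byte.
        return MessageDigest.isEqual(actual.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample user; the stored value is generated here, not taken from the page.
        String stored = digestHex("MD5", "s3cret");
        DigestRealmCheck md5 = new DigestRealmCheck("MD5", Map.of("alice", stored));
        System.out.println("correct password:       " + md5.authenticate("alice", "s3cret"));
        System.out.println("wrong password:         " + md5.authenticate("alice", "wrong"));
        System.out.println("stored digest replayed: " + md5.authenticate("alice", stored));
        System.out.println("unknown user:           " + md5.authenticate("bob", "s3cret"));
        // Same stored format with a different value of the digest option.
        DigestRealmCheck sha = new DigestRealmCheck("SHA-256",
                Map.of("alice", digestHex("SHA-256", "s3cret")));
        System.out.println("SHA-256 realm:          " + sha.authenticate("alice", "s3cret"));
    }
}
```

With Java 11 or later this runs as a single file: `java DigestRealmCheck.java`.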

        
