On Feb 6, 2009, at 9:22 AM, BUSCH Steffen wrote: > > Thanks Scott, I think I'm aware of 80 % of the passwords and can > regenerate them. > As I'm having several external passwords files with the old base64 > encoded passwords for different web-apps, it would be great if you > could > advise how to set the backward compatibility flag for those web-apps > where it would be difficult for me to regenerate the passwords.
It should just be "old-encoding", althout you might need to change the config to look like: <password-digest old-encoding="true" algorithm="MD5" />. -- Scott > > > Thanks, > Steffen > > >>> >>> >>> >>> I used to have the following configuration in Resin 2.1.14 >>> >>> <authenticator> >>> <class-name>com.caucho.http.security.XmlAuthenticator</class-name> >>> <init-param password-digest='MD5-base64'/> >>> <init-param path='/home/stbu/passwords.xml' /> >>> </authenticator> >>> >>> >>> The passwords in the referenced file passwords.xml are for example >>> like >>> this: >>> >>> <authenticator> >>> <user name='myuser' password='cXSMXbxTmOz7Hv4lcVvrC3' >> role='resin' /> >>> </authenticator> >>> >>> >>> In 3.1 I have configured it as follows: >>> >>> <authenticator type="com.caucho.server.security.XmlAuthenticator"> >>> <init> >>> <password-digest>MD5-base64</password-digest> >>> <password-digest-realm>none</password-digest-realm> >>> <path>/home/stbu/passwords.xml</path> >>> </init> >>> </authenticator> >>> >>> => I knew that the default realm is "resin", so I've set it >> explicitly >>> to "none" so that I could reuse my old passwords. >>> But trying to login with the Username and Passwords are now >> rejected. >>> >>> >>> The password used for 2.1.14 have been generated with this utility >>> class: >>> >>> <CODE> >>> package com.example; >>> >>> import com.caucho.http.security.PasswordDigest; >>> import javax.servlet.*; >>> >>> public class Digest { >>> public static void main(String args[]) throws >>> ServletException { >>> PasswordDigest digest = new PasswordDigest(); >>> digest.setAlgorithm("MD5"); >>> digest.setFormat("base64"); >>> >>> System.out.println("Preparing Password '" + >> args[1] + >>> "' >>> for User '" + args[0] + "'"); >>> String password = digest.getPasswordDigest(args[0], >>> args[1]); >>> System.out.println("Digest Password: '" +password + >>> "'"); >>> } >>> } >>> </CODE> >>> >>> java com.example.Digest myuser mypassword >>> Preparing Password 'mypassword' for User 'myuser' >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3' >>> >>> >>> In order to investigate why the login is rejected, I extended the >>> utility class to allow the specification of the realm and >> used the 3.1 >>> Jars of Resin to generate the password for a user and compare them >>> >>> <CODE> >>> package com.example; >>> >>> import com.caucho.http.security.PasswordDigest; >>> import javax.servlet.*; >>> >>> public class Digest31 { >>> public static void main(String args[]) throws >>> ServletException { >>> PasswordDigest digest = new PasswordDigest(); >>> digest.setAlgorithm("MD5"); >>> digest.setFormat("base64"); >>> digest.setRealm(args[2]); >>> >>> System.out.println("Preparing Password '" + >> args[1] + >>> "' >>> for User '" + args[0] + "'" + " with realm '" + args[2] + "'"); >>> String password = digest.getPasswordDigest(args[0], >>> args[1]); >>> System.out.println("Digest Password: '" +password + >>> "'"); >>> } >>> } >>> </CODE> >>> >>> java com.example.Digest31 myuser mypassword none >>> Preparing Password 'mypassword' for User 'myuser' with realm 'none' >>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrtw==' >>> >>> BTW: The same result is achieved when using the "Calculate >> Digest" on >>> the Login Page of /resin-admin. >>> >>> >>> The passwords look similar, but they are actually not the >> same - so >>> the >>> rejection is clear. >>> 2.1: 'cXSMXbxTmOz7Hv4lcVvrC3' >>> 3.1: 'cXSMXbxTmOz7Hv4lcVvrtw==' >>> >>> >>> >>> Has anybody else got such problems and figured out how to solve it? >>> I don't know how I have to set the init values for the >>> XmlAuthenticator >>> in order to get the old passwords working. >>> >>> >>> Thanks in advance >>> Steffen >>> >>> >>> >>> >>> _______________________________________________ >>> resin-interest mailing list >>> resin-interest@caucho.com >>> http://maillist.caucho.com/mailman/listinfo/resin-interest >> >> >> >> _______________________________________________ >> resin-interest mailing list >> resin-interest@caucho.com >> http://maillist.caucho.com/mailman/listinfo/resin-interest >> >> > > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest