On Feb 6, 2009, at 9:22 AM, BUSCH Steffen wrote:

>
> Thanks Scott, I think I'm aware of 80 % of the passwords and can
> regenerate them.
> As I'm having several external passwords files with the old base64
> encoded passwords for different web-apps, it would be great if you
> could advise how to set the backward compatibility flag for those
> web-apps where it would be difficult for me to regenerate the passwords.

It should just be "old-encoding", although you might need to change the
config to look like:

   <password-digest old-encoding="true" algorithm="MD5" />.

-- Scott

>
>
> Thanks,
> Steffen
>
>
>>>
>>>
>>>
>>> I used to have the following configuration in Resin 2.1.14
>>>
>>> <authenticator>
>>> <class-name>com.caucho.http.security.XmlAuthenticator</class-name>
>>> <init-param password-digest='MD5-base64'/>
>>> <init-param path='/home/stbu/passwords.xml' />
>>> </authenticator>
>>>
>>>
>>> The passwords in the referenced file passwords.xml are for example
>>> like this:
>>>
>>> <authenticator>
>>> <user name='myuser' password='cXSMXbxTmOz7Hv4lcVvrC3' role='resin' />
>>> </authenticator>
>>>
>>>
>>> In 3.1 I have configured it as follows:
>>>
>>> <authenticator type="com.caucho.server.security.XmlAuthenticator">
>>> <init>
>>>   <password-digest>MD5-base64</password-digest>
>>>   <password-digest-realm>none</password-digest-realm>
>>>   <path>/home/stbu/passwords.xml</path>
>>> </init>
>>> </authenticator>
>>>
>>> => I knew that the default realm is "resin", so I've set it
>>> explicitly to "none" so that I could reuse my old passwords.
>>> But attempts to log in with the username and passwords are now
>>> rejected.
>>>
>>>
>>> The passwords used for 2.1.14 were generated with this utility
>>> class:
>>>
>>> <CODE>
>>> package com.example;
>>>
>>> import com.caucho.http.security.PasswordDigest;
>>> import javax.servlet.*;
>>>
>>> public class Digest {
>>>       // args[0] = user name, args[1] = clear-text password
>>>       public static void main(String args[]) throws ServletException {
>>>               PasswordDigest digest = new PasswordDigest();
>>>               digest.setAlgorithm("MD5");
>>>               digest.setFormat("base64");
>>>
>>>               System.out.println("Preparing Password '" + args[1] + "' for User '" + args[0] + "'");
>>>               String password = digest.getPasswordDigest(args[0], args[1]);
>>>               System.out.println("Digest Password: '" + password + "'");
>>>       }
>>> }
>>> </CODE>
>>>
>>> java com.example.Digest myuser mypassword
>>> Preparing Password 'mypassword' for User 'myuser'
>>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrC3'
>>>
>>>
>>> In order to investigate why the login is rejected, I extended the
>>> utility class to allow the specification of the realm and used the
>>> 3.1 Jars of Resin to generate the password for a user and compare them
>>>
>>> <CODE>
>>> package com.example;
>>>
>>> import com.caucho.http.security.PasswordDigest;
>>> import javax.servlet.*;
>>>
>>> public class Digest31 {
>>>       // args[0] = user name, args[1] = clear-text password, args[2] = realm
>>>       public static void main(String args[]) throws ServletException {
>>>               PasswordDigest digest = new PasswordDigest();
>>>               digest.setAlgorithm("MD5");
>>>               digest.setFormat("base64");
>>>               digest.setRealm(args[2]);
>>>
>>>               System.out.println("Preparing Password '" + args[1] + "' for User '" + args[0] + "'" + " with realm '" + args[2] + "'");
>>>               String password = digest.getPasswordDigest(args[0], args[1]);
>>>               System.out.println("Digest Password: '" + password + "'");
>>>       }
>>> }
>>> </CODE>
>>>
>>> java com.example.Digest31 myuser mypassword none
>>> Preparing Password 'mypassword' for User 'myuser' with realm 'none'
>>> Digest Password: 'cXSMXbxTmOz7Hv4lcVvrtw=='
>>>
>>> BTW: The same result is achieved when using the "Calculate Digest"
>>> on the Login Page of /resin-admin.
>>>
>>>
>>> The passwords look similar, but they are actually not the same - so
>>> the rejection is clear.
>>> 2.1: 'cXSMXbxTmOz7Hv4lcVvrC3'
>>> 3.1: 'cXSMXbxTmOz7Hv4lcVvrtw=='
>>>
>>>
>>>
>>> Has anybody else got such problems and figured out how to solve it?
>>> I don't know how I have to set the init values for the
>>> XmlAuthenticator in order to get the old passwords working.
>>>
>>>
>>> Thanks in advance
>>> Steffen
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> resin-interest mailing list
>>> resin-interest@caucho.com
>>> http://maillist.caucho.com/mailman/listinfo/resin-interest

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
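
An added example, not part of the original thread and not Resin code: a Python audit of an XmlAuthenticator passwords file that separates 22-character unpadded digests like the 2.1 value above from standard 24-character MD5-base64 ones, so the entries that still depend on `old-encoding` can be listed. The `legacy_to_standard` step assumes the old encoder wrote the final byte as `b >> 6`, `b & 0x3f`, which is inferred only from the single value pair quoted in this thread; the function names and the extra sample users are constructed.

```python
import base64
import xml.etree.ElementTree as ET

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed sample: first entry is the 2.1 value from the thread, second is
# the 3.1 value, third is a made-up non-digest entry.
SAMPLE = """<authenticator>
  <user name='myuser' password='cXSMXbxTmOz7Hv4lcVvrC3' role='resin'/>
  <user name='myuser31' password='cXSMXbxTmOz7Hv4lcVvrtw==' role='resin'/>
  <user name='plain' password='changeme' role='resin'/>
</authenticator>"""

def classify(digest):
    """'standard' = padded base64 of 16 bytes, 'legacy' = 22 chars unpadded."""
    if len(digest) == 24 and digest.endswith("=="):
        try:
            if len(base64.b64decode(digest, validate=True)) == 16:
                return "standard"
        except ValueError:  # binascii.Error is a ValueError
            pass
        return "other"
    if len(digest) == 22 and all(c in B64 for c in digest):
        return "legacy"
    return "other"

def legacy_to_standard(digest):
    """Re-encode a legacy digest, ASSUMING the old tail was (b >> 6, b & 0x3f)."""
    if classify(digest) != "legacy":
        raise ValueError("not a 22-character unpadded digest")
    head = base64.b64decode(digest[:20])          # 15 bytes, encoded normally
    hi, lo = B64.index(digest[20]), B64.index(digest[21])
    if hi > 3:                                    # would not fit in one byte
        raise ValueError("tail does not match the assumed legacy layout")
    return base64.b64encode(head + bytes([(hi << 6) | lo])).decode("ascii")

def audit(xml_text):
    """Map each user name in a passwords file to its digest classification."""
    return {u.get("name"): classify(u.get("password", ""))
            for u in ET.fromstring(xml_text).iter("user")}

if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(name, kind)
    print(legacy_to_standard("cXSMXbxTmOz7Hv4lcVvrC3"))
```

Check converted values against accounts whose passwords are known before replacing any entry in a live passwords file.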
