Blame Sun :-) . Here follows the related James code, that invokes
java.security.MessageDigest.getInstance(String) and
javax.mail.internet.MimeUtility.encode(OutputStream, String):
---------------------------
public static String digestString(String pass, String algorithm )
throws NoSuchAlgorithmException {
MessageDigest md;
ByteArrayOutputStream bos;
try {
md = MessageDigest.getInstance(algorithm);
byte[] digest = md.digest(pass.getBytes("iso-8859-1"));
bos = new ByteArrayOutputStream();
OutputStream encodedStream = MimeUtility.encode(bos, "base64");
encodedStream.write(digest);
return bos.toString("iso-8859-1");
} catch (IOException ioe) {
throw new RuntimeException("Fatal error: " + ioe);
} catch (MessagingException me) {
throw new RuntimeException("Fatal error: " + me);
}
}
---------------------------------
Anyhow, I too do use JAMES and Tomcat heavily combined with MySQL, and
could manage the problem, knowing that identity of the hash strings
would be useful, but is not an interoperability standard at all.
Moreover, imagine what would happen if now we "fix" the James hash
string: all passwords would be invalidated.
Vincenzo
Pierre Smits wrote:
It seems that different hashing solutions are used with regards to tomcat,
james, mysql (to name a few). It seems to me that one solution should fit
all so that discrepancies and lenghty discussions can be avoided.
I use both JAMES and Tomcat heavily combined with MySQL and a single
solution for password encryption would definitely stop the confusion.
Pierre
On 3/3/06, Vincenzo Gianferrari Pini <[EMAIL PROTECTED]>
wrote:
Pierre,
in the thread:
http://www.mail-archive.com/[email protected]/msg04608.html
you can see the discussion and solution (from another perpective) to
your problem. It is not a bug, as no interoperability between MySql and
James, in terms of password hashing, is either expected nor required.
This other link can also help you:
http://www.mail-archive.com/[email protected]/msg04941.html
and the thread "Problem with trimmed SHA stored passwords in database" in:
http://mail-archives.apache.org/mod_mbox/james-server-user/200312.mbox/browser
Vincenzo
Pierre Smits wrote:
When I generate a new user with the remote manager I get a different
pwdHash
stored in mysql than when I create a user with the same password directly
in
mysql.
Also I cannot log on with the user I created in mysql.
Is this a known bug?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
