Hi,
    As you may have guessed, it seems that the JNDIRealm.java file depends 
first on the retrieval of a password. We have a version for 4.0.X or 
4.1-dev for NOT allowing the retrieval of a password from LDAP. On your 
encryption, there are 2 issues I see: 1. User - Authentication Page 
encryption, 2. Web - web page to LDAP encryption.

todd
http://www.wiserlabz.com
collaborative effort to promote Novell and Open Source solutions

Jeremy Prellwitz wrote:

>Hi all,
>
>  I searched the archives but could not come up with an answer for this.
>
>I have everything working for LDAP authentication on my server, and I've figured out 
>how to include non plain text passwords everywhere except for the connectionPassword 
>attribute of the <Realm> tag in the $CATALINA_HOME/conf/server.xml file.  I would 
>like to replace the "MY_CURRENT_PLAIN_TEXT_PASSWORD" string with an encrypted 
>password for this configuration file; as everyone knows, this is otherwise a pretty 
>good security hole.
>
>           <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>                connectionName="cn=root,dc=MYDOMAIN,dc=ca"
>            connectionPassword="MY_CURRENT_PLAIN_TEXT_PASSWORD"
>                 connectionURL="ldap://MYHOST:389"
>                      roleBase="dc=roles,dc=MYDOMAIN,dc=ca"
>                      roleName="cn"
>                    roleSearch="(uniqueMember={0})"
>                   roleSubtree="false"
>                        digest="SHA"
>                  userPassword="userPassword"
>                   userPattern="uid={0},dc=MYDOMAIN,dc=ca"
>          />
>
>I've tried using this : java org.apache.catalina.realm.RealmBase -a {algorithm} 
>{cleartext-password}, which is what I used to enter my passwords into my OpenLDAP 
>server, but with this you specify the encryption algorithm with the digest attribute.
>
>Please help.  How do I specify the algorithm and encrypted password for the 
>connectionPassword attribute; and, if you would, which tool do I use to create 
>this password?
>
>Thanks a million!!!
>
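
An audit of the quoted <Realm> settings, as an added example that is not part of the original thread or of Tomcat: it flags the stored bind credential, the unencrypted ldap:// URL, and the retrieval of stored passwords mentioned in the reply. The function names are hypothetical and the sample XML is constructed from the element quoted above.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the <Realm> element quoted in the message.
SAMPLE_SERVER_XML = """<Server><Service><Engine>
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionName="cn=root,dc=MYDOMAIN,dc=ca"
         connectionPassword="MY_CURRENT_PLAIN_TEXT_PASSWORD"
         connectionURL="ldap://MYHOST:389"
         digest="SHA"
         userPassword="userPassword"
         userPattern="uid={0},dc=MYDOMAIN,dc=ca"/>
</Engine></Service></Server>"""

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"


def audit_realms(xml_text):
    """Return (attribute, finding) pairs for every JNDIRealm in a server.xml."""
    findings = []
    for realm in ET.fromstring(xml_text).iter("Realm"):
        if realm.get("className") != JNDI_REALM:
            continue
        # The realm must present this value in an LDAP bind, so it has to be
        # recoverable; a one-way digest (as used for user passwords) cannot work.
        if realm.get("connectionPassword"):
            findings.append(("connectionPassword",
                             "recoverable bind credential stored in the file"))
        # ldap:// carries the bind and any retrieved attributes unencrypted.
        if realm.get("connectionURL", "").lower().startswith("ldap://"):
            findings.append(("connectionURL", "directory traffic is not encrypted"))
        # With userPassword set, the realm reads the stored password attribute
        # and compares it locally, so the bind account needs read access to it.
        if realm.get("userPassword"):
            findings.append(("userPassword",
                             "realm retrieves stored passwords from the directory"))
    return findings


def readable_beyond_owner(path):
    """True if group or other has any permission on the file (POSIX modes)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for attribute, finding in audit_realms(SAMPLE_SERVER_XML):
        print(f"{attribute}: {finding}")
```

Run readable_beyond_owner() against $CATALINA_HOME/conf/server.xml on the server itself; a True result means accounts other than the file's owner can reach the bind password.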



