The MD5'd password *is* in the pg_shadow.passwd column. I don't see what I'm doing wrong. And, as far as confusing postgres users with tomcat users, is there a problem with using the same user for both? I kind of thought that was the point. When I create a user, they can use the same username and password to access tomcat web apps that they use to connect to the database.
Thanks for the pointers on security. Both Tomcat and Postgres are on the same server. I'm also planning on using HTTPS, but apache will handle that part. I think it will work something like this: 1. user types username and password (clear-text) into form 2. web browser encrypts everything and sends it to web server (https) 3. apache decrypts everything and passes it onto tomcat 4. tomcat makes a MD5 form of the given password 5. tomcat compares this with the MD5 password taken from the database Does that sound right? -- Robert Abernethy IV Dynamic Edge, Inc. 734.975.0460 > Yeah, looks like you almost have it. The MD5'd password should be in > pg_shadow in the userCredCol, passwd in this case. > > Be advised that you should either use only HTTPS for this, or run > Tomcat on the same server as Postgres, or run them both on a secure > net behind a firewall on separate machines to prevent your Postgres > database from being compromised. > > MD5 really only prevents snoops on your server from being able to easily > read the passwords in pg_shadow. > > Rick > > ----- Original Message ----- > > > * Rob Abernethy IV <[EMAIL PROTECTED]> [0154 21:54]: > > > OK. I was able to get clear-text passwords to work, but I still can't > get > > > encrypted passwords to work. Using MD5 encryption, Tomcat is able to > > > successfully open a connection to the database using the JDBCRealm set > up in > > > the server.xml, but it is unable to authenticate users for the admin web > app. > > > I am using the same username and password (username = "tomcat", > password = > > > "tomcat") for both the JDBCRealm and the admin web app. > > > > > > JDBCRealm: > > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > > > driverName="org.postgresql.Driver" > > > connectionURL="jdbc:postgresql://bilbo.dynedge.com/template1" > > > connectionName="abernethy" connectionPassword="gceIlu4DaR" > > > userTable="pg_shadow" userNameCol="usename" userCredCol="passwd" > > > userRoleTable="pg_groupview" roleNameCol="groname" > > > digest="MD5" /> > > > pg_shadow: > > > usename | passwd > > > ------------------------- > > > tomcat | md5efcc1c51a80be13b59cdb96d758a0184 > > > > You are confusing postgres usernames/passwords with the ones you want in > the tables. > > Tomcat connects to the database as user connectionName , password > connectionPassword > > > > and looks up http authentication users and passwords in userTable and > userRoleTable. > > > > It looks from your post like you have that backwards (pg_shadow holds > postgres users, not users > > for your apps). > > > > > postgresql log (for admin web app authentication): > > > Jan 7 16:43:34 bilbo postgres[4329]: [9] LOG: query: SELECT passwd > FROM > > > pg_shadow WHERE usename = 'tomcat' > > > Jan 7 16:43:34 bilbo postgres[4329]: [10] LOG: duration: 0.001636 sec > > > > > > catalina_log.2003-01-07.txt: > > > 2003-01-07 16:43:34 JDBCRealm[Standalone]: Username tomcat NOT > successfully > > > authenticated > > > > -- > > Rasputin :: Jack of All Trades - Master of Nuns > > -- > To unsubscribe, e-mail: <mailto:tomcat-user- [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:tomcat-user- [EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>