
Dheeraj,

On 2/15/19 04:08, dheeraj joshi wrote:
>> I am getting warning “Setting property 'digest' to 'SHA-256' did
>> not find a matching property” in tomcat9-stderr.log  when I use
>> attribute "digest" in realms.
>> 
>> Snip from server.xml that I am using when I get error -
>> 
>> <Host name="localhost"  appBase="webapps" unpackWARs="true" 
>> autoDeploy="true">
>> 
>> <Realm className="org.apache.catalina.realm.MemoryRealm"
>> digest="SHA-256" />
>> 
>> 
>> If I remove digest="SHA-256" from line <Realm 
>> className="org.apache.catalina.realm.MemoryRealm"
>> digest="SHA-256" /> and restart tomcat service, I don’t see this
>> warning after it.
>> 
>> I did search for similar error reported by other users on
>> internet but couldn’t confirm whether I am doing correct
>> configuration. Some people say that digest attribute is removed
>> since Tomcat 8.5 while some suggested me to use CredentialHandler
>> sub element rather than using digest.
>> 
>> 
>> https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors
>> ,
>> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564a60fb.70...@gmail.com%3e
>> 
>> I couldn’t find public documentation from Apache foundation confirming
>> that digest should not be used with Tomcat 9. When I check docu
>> provided with Tomcat 9 I don’t see attribute named digest listed
>> under Memory Based Realm section
>> 
>> 
>> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm
>> 
>> Can you confirm whether digest attribute can be still used in Tomcat 9 in
>> realms, if yes then what should be the correct syntax to use it.
>> If the use of digest is deprecated what should I be using
>> instead?
>> 
>> 
>> I have been using digest attribute in previous versions of Tomcat
>> in realms and it used to work fine, problem is after Tomcat
>> upgrade from Tomcat 6 to Tomcat 9.

Peter has the correct answer in another reply, but I'd like you to
consider whether or not using SHA-256 is something you actually want
to do.

Using a plain "digest" for password-munging is really insufficient for
password-storage these days.

Please give this presentation a good read-through to see how you can
do a LOT better for your users:

http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf

-chris
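
The configuration below is an added example, not part of Chris's message or of any reply in this thread. It shows the CredentialHandler sub-element mentioned in the question replacing the removed `digest` attribute, with a salted, iterated PBKDF2 handler first and a SHA-256 handler kept only so existing digests still validate. The iteration count, key length and salt length are assumed illustrative values.

```xml
<!-- Added example (not from the thread). Tomcat 6/7 style, which Tomcat 9
     rejects with "did not find a matching property":

     <Realm className="org.apache.catalina.realm.MemoryRealm"
            digest="SHA-256" />
-->

<Realm className="org.apache.catalina.realm.MemoryRealm">

  <!-- NestedCredentialHandler tries each child in order and accepts the
       login if any child matches the stored credential. New credentials
       are produced by the first child only. -->
  <CredentialHandler
      className="org.apache.catalina.realm.NestedCredentialHandler">

    <!-- Preferred handler: salted, iterated key derivation.
         iterations, keyLength and saltLength are assumed values here;
         tune iterations to what the server can afford per login. -->
    <CredentialHandler
        className="org.apache.catalina.realm.SecretKeyCredentialHandler"
        algorithm="PBKDF2WithHmacSHA512"
        iterations="100000"
        keyLength="256"
        saltLength="16" />

    <!-- Legacy handler: validates the single-round SHA-256 hex digests
         carried over from the old digest="SHA-256" setup. Remove this
         child once every stored password has been re-hashed. -->
    <CredentialHandler
        className="org.apache.catalina.realm.MessageDigestCredentialHandler"
        algorithm="SHA-256" />

  </CredentialHandler>
</Realm>
```

Stored values for the first handler can be generated with the `digest.sh` / `digest.bat` script shipped in Tomcat's `bin` directory, passing the handler class with `-h` and matching `-a`, `-i`, `-s` and `-k` values.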
