Thanks Christopher and Peter, my query is answered now.

On Sat, Feb 16, 2019 at 1:54 AM Christopher Schultz <ch...@christopherschultz.net> wrote:
> Dheeraj,
>
> On 2/15/19 04:08, dheeraj joshi wrote:
> >> I am getting warning “Setting property 'digest' to 'SHA-256' did
> >> not find a matching property” in tomcat9-stderr.log when I use
> >> attribute "digest" in realms.
> >>
> >> Snip from server.xml that I am using when I get the error -
> >>
> >> <Host name="localhost" appBase="webapps" unpackWARs="true"
> >>       autoDeploy="true">
> >>
> >>   <Realm className="org.apache.catalina.realm.MemoryRealm"
> >>          digest="SHA-256" />
> >>
> >> If I remove digest="SHA-256" from the line <Realm
> >> className="org.apache.catalina.realm.MemoryRealm"
> >> digest="SHA-256" /> and restart the Tomcat service, I don’t see this
> >> warning after it.
> >>
> >> I did search for similar errors reported by other users on the
> >> internet but couldn’t confirm whether I am doing the correct
> >> configuration. Some people say that the digest attribute was removed
> >> in Tomcat 8.5, while some suggested that I use the CredentialHandler
> >> sub-element rather than digest.
> >>
> >> https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors ,
> >> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564a60fb.70...@gmail.com%3e
> >>
> >> I couldn’t find public documentation from the Apache foundation confirming
> >> that digest should not be used with Tomcat 9. When I check the docu
> >> provided with Tomcat 9 I don’t see an attribute named digest listed
> >> under the Memory Based Realm section:
> >>
> >> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm
> >>
> >> Can you confirm whether the digest attribute can still be used in Tomcat 9
> >> in realms, and if yes, what the correct syntax is to use it?
> >> If the use of digest is deprecated, what should I be using
> >> instead?
> >>
> >> I have been using the digest attribute in previous versions of Tomcat
> >> in realms and it used to work fine; the problem is after the Tomcat
> >> upgrade from Tomcat 6 to Tomcat 9.
>
> Peter has the correct answer in another reply, but I'd like you to
> consider whether or not using SHA-256 is something you actually want
> to do.
>
> Using a plain "digest" for password-munging is really insufficient for
> password-storage these days.
>
> Please give this presentation a good read-through to see how you can
> do a LOT better for your users:
>
> http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
>
> -chris
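
The server.xml fragment below is an added illustration, not part of the thread or of Tomcat's own documentation: it sets the Tomcat 6 style `digest` attribute from the question beside a Tomcat 9 `CredentialHandler` configuration that accepts both salted PBKDF2 entries and the existing SHA-256 hashes. The iteration count, salt length and key length are assumed example values.

```xml
<!-- BEFORE (Tomcat 6 style, as in the question).
     Tomcat 9's MemoryRealm has no "digest" property, so the attribute is
     ignored and the "did not find a matching property" warning is logged.
     With no CredentialHandler configured, stored values are compared to the
     submitted password as plain text.

<Realm className="org.apache.catalina.realm.MemoryRealm"
       digest="SHA-256" />
-->

<!-- AFTER (Tomcat 8.5 / 9): the algorithm moves into a nested
     CredentialHandler element. NestedCredentialHandler tries each child
     handler in order when checking a password, so old and new entries in
     tomcat-users.xml can coexist while users are migrated. -->
<Realm className="org.apache.catalina.realm.MemoryRealm">
  <CredentialHandler
      className="org.apache.catalina.realm.NestedCredentialHandler">

    <!-- Preferred format: salted, iterated PBKDF2.
         Stored as salt$iterations$hash, hex encoded.
         Values below are assumptions for illustration:
         saltLength is in bytes, keyLength is in bits. -->
    <CredentialHandler
        className="org.apache.catalina.realm.SecretKeyCredentialHandler"
        algorithm="PBKDF2WithHmacSHA512"
        iterations="100000"
        saltLength="16"
        keyLength="256" />

    <!-- Legacy format: the plain SHA-256 digests carried over from the
         old digest="SHA-256" setup. Remove this handler once every
         entry has been regenerated in the PBKDF2 format. -->
    <CredentialHandler
        className="org.apache.catalina.realm.MessageDigestCredentialHandler"
        algorithm="SHA-256" />

  </CredentialHandler>
</Realm>
```

New entries for tomcat-users.xml can be generated with `bin/digest.sh` (or `digest.bat`), passing `-h org.apache.catalina.realm.SecretKeyCredentialHandler` together with `-a`, `-i`, `-s` and `-k` values that match the handler's attributes.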