Hi, The hashed strings generated by the o.a.j.security.DigestUtil is not compatible with the ones generated by MySQL.
[EMAIL PROTECTED]:~/java$ java org.apache.james.security.DigestUtil -alg SHA test01 Hash is: wlp5xXkGunAns204AjDbkrvA [EMAIL PROTECTED]:~/java$ gojames Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5547 to server version: 4.0.8-gamma-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> select sha('test01'); +------------------------------------------+ | sha('test01') | +------------------------------------------+ | c25a79c57906ba7027b36d380230db92bbc0fd64 | +------------------------------------------+ 1 row in set (0.04 sec) The same thing for the MD5. I believe the problem lies on this line OutputStream encodedStream = MimeUtility.encode(bos, "base64"); in method DigestUtil.digestString(String, String). The encoder is not quite the same. If I used the org.apache.catalina.util.MD5Encoder, the output were the same. I had changed the code a bit, to: MD5Encoder encoder; String encoded; md = MessageDigest.getInstance(algorithm); byte[] digest = md.digest(pass.getBytes("iso-8859-1")); encoder = new MD5Encoder(); encoded = encoder.encode(digest); then the value of encoded and the output by "select md5('test01');" in MySQL would be the same. As it would by the md5sum command line. I think it would be great if the <user-store> element in the config.xml file had a subelement that defines the DigestUtil used; so that different encoders could be used without having to edit the james.jar. Oki --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]