Hmm. I tried to upgrade my development 2.0 db to 2.1; I had been
running with
passwds.encryption.enabled=true
passwds.encryption.algorithm=SHA
which I retained after the upgrade. After the upgrade the user was
unable to login due to authentication failures. I blew away the db and
recreated from scratch, and had no problem. Could there be a
compatibility issue between the form of the digest that Acegi is
generating/expecting?
I'll need to retest.
--a.
Matt Raible wrote:
On 12/3/05, Anil Gangolli <[EMAIL PROTECTED]> wrote:
Can I configure something in the Acegi security.xml that allows me to
use the old encrypted (hashed) passwords?
This should already be configured. If you turn on encrypted passwords
(which I do), it'll use whichever encryption algorithm you specify in
roller.properties. I'm using SHA, but MD5 is also an option.
Is there a way for me to inject my own digesting class if necessary?
Yes, you should just need to create a class that implements PasswordEncoder.
http://tinyurl.com/93q78
Note that we might have to modify RollerContext to handle this.
Currently, it only looks for SHA and MD5. We might need to make some
modifications to support a full classname instead.
Hope this helps,
Matt
