On 12/4/05, Anil Gangolli <[EMAIL PROTECTED]> wrote: > > Hmm. I tried to upgrade my development 2.0 db to 2.1; I had been > running with > > passwds.encryption.enabled=true > passwds.encryption.algorithm=SHA > > which I retained after the upgrade. After the upgrade the user was > unable to login due to authentication failures. I blew away the db and > recreated from scratch, and had no problem. Could there be a > compatibility issue between the form of the digest that Acegi is > generating/expecting?
I don't think so - I've had no issues with my 1.2 and 2.0 database running with encrypted passwords. Is it possible there's something in the 2.1 upgrade script? Can compare your user records before and after the upgrade? Matt > > I'll need to retest. > > --a. > > > Matt Raible wrote: > > >On 12/3/05, Anil Gangolli <[EMAIL PROTECTED]> wrote: > > > > > >>Can I configure something in the Acegi security.xml that allows me to > >>use the old encrypted (hashed) passwords? > >> > >> > > > >This should already be configured. If you turn on encrypted passwords > >(which I do), it'll use whichever encryption algorithm you specify in > >roller.properties. I'm using SHA, but MD5 is also an option. > > > > > > > >>Is there a way for me to inject my own digesting class if necessary? > >> > >> > > > >Yes, you should just need to create a class that implements PasswordEncoder. > > > >http://tinyurl.com/93q78 > > > >Note that we might have to modify RollerContext to handle this. > >Currently, it only looks for SHA and MD5. We might need to make some > >modifications to support a full classname instead. > > > >Hope this helps, > > > >Matt > > > > > > > > > > >
