Niklas,

See my questions inline:

> If you agree but no one is willing to adopt the task, I will. I suggest the
> possibility to add a 'crypt="TYPE"' directive to the realm configuration.

Currently, there already is a "digest" attribute for a Realm. The
default in server.xml is no digest. But currently you can specify
digest="MD5". I would assume that you want to use this existing
attribute with a new "MD5crypt" option to minimize the amount of
documentation changes. Documentation for the digest option is in the
following source file in the jakarta-tomcat-4.0 source code:

  webapps/tomcat-docs/realm-howto.xml

If you submit a patch to enable such a new digest option, be sure to
submit a patch for the documentation as well.

> This leaves open the chance to implement other crypt-routines (as the
> unix-crypt requested prior on this list).
> 

Adding a digest="MD5" attribute to Realm makes sense if you put the
usernames and passwords into the formats that are supported by the
existing 3 Realms:

   Realm                   Format
   -----                   ------
   MemoryRealm             Stored in conf/tomcat-users.xml
   JNDIRealm               Stored in your LDAP server
   JDBCRealm               Stored in your relational database

If you use any of the above 3 existing Realms, you would need to import
all of your Linux usernames and passwords into the applicable data
storage format.

So, this brings up my next question: do you really want to access the
native Linux (or other Unix variants) password validation functions? If
so, I would implement a new Realm object to support this type of data
storage format. For purposes of this discussion, we could call it a
UnixRealm. You could still implement the MD5crypt as a "digest" option;
this new Realm would do the work of invoking the native C functions with
the username and the password encrypted with whatever is specified in
the "digest" attribute.

Of course, this new Realm would require the use of JNDI to access the
native functions so you would need to make sure that the build.xml files
don't build this Realm if there is no C compiler or other required build tools.


Just my 2 cents,

Patrick

-- 
_____________________________________________________________________
Patrick Luby                          Email: [EMAIL PROTECTED]
Sun Microsystems                              Phone: 408-276-7471
901 San Antonio Road, USCA14-303
Palo Alto, CA 94303-4900
_____________________________________________________________________
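
Added example, not part of the original message and not Tomcat's own code: a sketch of how a crypt-style option differs from digest="MD5" at verification time. A plain digest depends only on the supplied password, while a salted format must read the salt out of the stored value before hashing. The class and method names are hypothetical, and the "$demo$" format is a constructed stand-in, not the real MD5-crypt algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical sketch; names and the "$demo$" format are assumptions.
public class DigestCheckDemo {

    static String md5Hex(String s) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest(s.getBytes(StandardCharsets.UTF_8))) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Compare without leaking the position of the first mismatch.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // digest="MD5" style: the stored value is hex(MD5(password)).
    static boolean checkPlainDigest(String supplied, String stored)
            throws NoSuchAlgorithmException {
        return same(md5Hex(supplied), stored);
    }

    // Salted style: stored value is "$demo$<salt>$<hex(MD5(salt + password))>".
    // The stored value has to be parsed before the supplied password is hashed.
    static boolean checkSalted(String supplied, String stored)
            throws NoSuchAlgorithmException {
        String[] parts = stored.split("\\$"); // ["", "demo", salt, hash]
        if (parts.length != 4 || !parts[1].equals("demo")) {
            return false; // malformed or unknown scheme: reject
        }
        return same(md5Hex(parts[2] + supplied), parts[3]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials.
        String plain = md5Hex("secret");
        String salted = "$demo$ab12cd34$" + md5Hex("ab12cd34" + "secret");
        System.out.println("plain, right password:  " + checkPlainDigest("secret", plain));
        System.out.println("plain, wrong password:  " + checkPlainDigest("guess", plain));
        System.out.println("salted, right password: " + checkSalted("secret", salted));
        System.out.println("salted, wrong password: " + checkSalted("guess", salted));
        System.out.println("salted, malformed:      " + checkSalted("secret", "$demo$nosalt"));
    }
}
```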
