Dirk
This isn''t possible with the current JNDIRealm in Tomcat 4, though you
could probably specify the appropriate digest algorithm and
hack the Tomcat code to disregard the {crypt} prefix returned from OpenLDAP.
A much cleaner solution is to have the JNDIRealm to authenticate by binding
to the directory as the user,
in which case doesn't matter how how the password is stored in the
directory. I submitted a patch
for JNDIRealm to the tomcat-dev list last week which supports this, and you
could consider giving that a try. This assumes that you
are using HTTP basic authentication or form-based login, not HTTP digest
authentication.
John.
At 15:59 04/02/02, you wrote:
>**********************************************************************
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>**********************************************************************
>
>Hi,
>
>I'm trying to use tomcat's JNDIRealm with OpenLDAP. I've converted my
>passwords to digest format in the LDAP directory instead of plain text.
>
>Apparently, tomcat only excepts only hex formatted password where openLDAP
>provides passwords of the format
>{crypt}XXXXX where crypt = { SHA, MD, ... } and XXX is a base64 encoded
>integer.
>
>Is there a way to configure tomcat to accept this format of passwords? If
>so does this require any recompilation of
>tomcat?
>
>Thanks for your help,
>
>-- Dirk
>
>
>--
>To unsubscribe: <mailto:[EMAIL PROTECTED]>
>For additional commands: <mailto:[EMAIL PROTECTED]>
>Troubles with the list: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
