On 16/03/2015 10:22, Igor Mukhin wrote: > Hello, > > I just tried to execute on Tomcat 8.0.20 : > digest.bat -a MD5 myusername:myrealm:mypassword > and it replyed with: > > myusername:myrealm:mypassword:283c7c0d977648d4dc3def5a20e2a595701a754244baec7153d40e8ee30ff6a5$1$f47f1b081edd3627ed24d67274dd6e15 > > I used this long MD5 > (283c7c0d977648d4dc3def5a20e2a595701a754244baec7153d40e8ee30ff6a5$1$f47f1b081edd3627ed24d67274dd6e15) > in my tomcat-user.xml and the user couldn't login with DIGEST method. > > Then I tried to execute the same command on Tomcat 6.0.43 and got: > myusername:myrealm:mypassword:8fcc8ae2c169463bab76eb7124aede7b > I used the short MD5 (8fcc8ae2c169463bab76eb7124aede7b) ) in my Tomcat 8's > tomcat-user.xml and the login is working again! (DIGEST method) > > Question: Why Tomcat8's digest.bat is generating such a long MD5? It doesn't > look the same as earlier and it is not working.
The credential output format is different (salt$iterations$digest) and salt is enabled by default. If you try digest -s 0 -a MD5 foo:foo:foo you get foo:foo:foo:$1$67ec44ba7c1234c8f201c261183e9d25 If you try digest -a MD5 foo:foo:foo on Tomcat 6 you get foo:foo:foo:67ec44ba7c1234c8f201c261183e9d25 Tomcat 8 will accept either format although it always generates them in the new format. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org