NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator's Guide
Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator’s Guide—544548-004
digest
The digest algorithm used to store passwords in non-plain text formats. Valid
values are those accepted for the algorithm name by the
java.security.MessageDigest class. For more information, see Digested
Passwords below. If not specified, passwords are stored in clear text.
resourceName
Specifies a defined resource for the user database.
In Example 3-18, myOwnUserDatabase is defined as a global naming resource
as follows:
<GlobalNamingResources>
  .
  .
  .
  <Resource name="myOwnUserDatabase" auth="Container"
            type="org.apache.catalina.UserDatabase"
            description="User database that can be updated and saved"
            factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
            pathname="conf/nsjsp-users.xml" />
</GlobalNamingResources>
For more information on configuring UserDatabaseRealm, see the Tomcat 6.0
Specification at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html.
Digested Passwords
For each standard realm implementation, the user's password (by default) is stored in
clear text. In many environments, this situation is undesirable because casual
observers of the authentication data can collect enough information to log on
successfully and impersonate other users. To avoid this problem, the standard
implementations support the concept of digesting user passwords. Digesting
passwords causes the stored version of the passwords to be encoded in a form that is
not easily reversible, but which the Realm implementation can still use for
authentication.
You can select digested passwords by specifying the digest attribute on your
<Realm> element. The value for this attribute must be one of the digest algorithms
supported by the java.security.MessageDigest class (SHA, MD5, and so on).
When you select this option, the contents of the password that are stored in the realm
must be the digested version of the clear text password, as digested by the specified
algorithm.
When the authenticate() method of the realm is called, the (clear text) password
specified by the user is itself digested by the same algorithm, and the result is
compared with the value returned by the Realm. A match means that the user is
authorized.
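The following added example (not code from this guide, NSJSP, or Tomcat) uses java.security.MessageDigest to produce the digested value that would be stored for a user and then repeats the comparison that authenticate() is described as making. The class name, the sample password, the UTF-8 password encoding, and the lowercase hex output format are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example; not NSJSP or Tomcat source code.
public class DigestedPasswordDemo {

    // Digest a clear-text password and hex-encode the result.
    // Assumptions: UTF-8 password bytes, lowercase hex output.
    static String digest(String algorithm, String clearText)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest(clearText.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // The check described above: digest what the user presented with the
    // realm's algorithm and compare it with the stored value.
    static boolean matches(String algorithm, String stored, String presented)
            throws NoSuchAlgorithmException {
        byte[] expected = stored.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = digest(algorithm, presented).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String algorithm = "SHA";            // same value as the realm's digest attribute
        String password = "s3cret-Example";  // constructed sample password
        String stored = digest(algorithm, password);

        System.out.println("value to store      : " + stored);
        System.out.println("correct password    : " + matches(algorithm, stored, password));
        System.out.println("wrong password      : " + matches(algorithm, stored, "guess"));
        // The realm's digest attribute must name the algorithm used to create
        // the stored value; an MD5 realm cannot validate a SHA entry.
        System.out.println("MD5 realm, SHA entry: " + matches("MD5", stored, password));
        // The digest depends only on the password, so the same password
        // always yields the same stored value.
        System.out.println("repeatable digest   : " + stored.equals(digest(algorithm, password)));
    }
}
```

Because the stored value is computed from the password alone, two users with the same password have identical entries, so the user database file (conf/nsjsp-users.xml in the example above) still needs restrictive file permissions.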










