2014-09-30 19:22 GMT+04:00 Konstantin Kolinko <knst.koli...@gmail.com>:
> 2014-09-29 14:43 GMT+04:00 Mark Thomas <ma...@apache.org>:
>> On 27/09/2014 15:52, Konstantin Kolinko wrote:
> (....)
>
>>> 4) The current javadoc for RealmBase.main() says that algorithm (-a)
>>> is not required and "If not specified a default of SHA-512 will be
>>> used."
>>>
>>> I wonder whether that is justified.
>>
>> That is what is currently implemented. Happy to discuss changes but
>> SHA-512 doesn't seem unreasonable to me.
>
>
> I think there is a contradiction between -a <algorithm> and -h
> <credential handler implementation class> keys:
> 1) If -h is used I think it shall default to whatever default
> algorithm the credential handler implements.
> 2) Custom credential handler implementations may lack setAlgorithm() method.
>
> I think that one of (-a, -h) is required, with no default for either.
> The old code had no default for algorithm.
>
>> String encoding = "UTF-8";
>
> I think it shall use system encoding, because the value is passed on
> the command line and is not read from file etc.
>
> The old code used system encoding by default. The system encoding is
> what the system uses, so it is reasonable.
>
> Note the following text (I am linking to Tomcat 7 docs),
> -> Realms and AAA -> Common Features -> Digested passwords
>
> http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Digested_Passwords
>
> [quote]
> Non-ASCII usernames and/or passwords are supported using
>
> CATALINA_HOME/bin/digest.[bat|sh] -a {algorithm} -e {encoding} {input}
>
> but care is required to ensure that the non-ASCII input is correctly
> passed to the digester. The digester returns {input}:{digest}. If the
> input appears corrupted in the return, the digest will be invalid.
> [/quote]
>
> BTW, That chapter in realm-howto in Tomcat 8 needs an update for the
> new features of digest.sh / RealmBase.main().
>

I think that this has to be fixed before tagging next Tomcat 8 release.

1. Remove default value for algorithm. Ask the caller to provide
either "-a" or "-h" option explicitly.

Motivation:
- Revert to previous behaviour.
- I see contradiction between -a and -h, as I wrote above.

2. Use system default encoding instead of UTF-8 by default.

Motivation:
- Revert to previous behaviour. It makes sense to expect system
encoding when you are calling something from the command line, as that
is the encoding that command line uses.

3. Update realm-howto.html#Digested_Passwords

It does not document the new -h option.

Best regards,
Konstantin Kolinko
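
The encoding question in this thread can be seen in a small model, added here as an illustration; it is not code from the thread or from Tomcat. It hashes a constructed non-ASCII password the way a command-line digester would and applies the `{input}:{digest}` check from the quoted howto. The function names, the sample password and the two-step decode/encode model are assumptions made for the example.

```python
import hashlib

PASSWORD = "p\u00e4ssw\u00f6rd"  # constructed sample with two non-ASCII letters

def digest_tool(argv_bytes, system_charset, encoding, algorithm="sha512"):
    """Simplified model of a command-line digester; returns '{input}:{digest}'."""
    # The runtime decodes the raw argument bytes with the system charset.
    text = argv_bytes.decode(system_charset, errors="replace")
    # The tool encodes that text with its -e encoding and hashes the bytes.
    data = text.encode(encoding, errors="replace")
    return f"{text}:{hashlib.new(algorithm, data).hexdigest()}"

def expected_digest(password, realm_encoding, algorithm="sha512"):
    """Digest that verification would compute for the password as typed."""
    return hashlib.new(algorithm, password.encode(realm_encoding)).hexdigest()

def input_survived(tool_output, password):
    """Check from the quoted howto: is {input} echoed back uncorrupted?"""
    echoed, _, _ = tool_output.rpartition(":")
    return echoed == password

def scenarios():
    utf8_argv = PASSWORD.encode("utf-8")         # bytes sent by a UTF-8 terminal
    latin1_argv = PASSWORD.encode("iso-8859-1")  # bytes sent by a Latin-1 terminal
    return {
        # Terminal, system charset and -e encoding all agree.
        "match": digest_tool(utf8_argv, "utf-8", "utf-8"),
        # Terminal sends UTF-8 but the argument is decoded as Latin-1.
        "shell_mismatch": digest_tool(utf8_argv, "iso-8859-1", "utf-8"),
        # Same correctly decoded input, two different default encodings.
        "default_utf8": digest_tool(latin1_argv, "iso-8859-1", "utf-8"),
        "default_system": digest_tool(latin1_argv, "iso-8859-1", "iso-8859-1"),
    }

if __name__ == "__main__":
    for name, out in scenarios().items():
        digest = out.rpartition(":")[2]
        print(f"{name:15} intact={input_survived(out, PASSWORD)} {digest[:16]}...")
```

In the last two scenarios the echoed input is intact in both, yet the digests differ, so a changed default encoding only shows up when the stored digest is later compared against one computed with another encoding. ASCII-only passwords hash identically in every scenario and do not reveal the difference.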