Encrypting passwords while using the UsersRolesLoginModule for authentication

saihegde Oct 17, 2012 5:47 PM

I am trying to use the UsersRolesLoginModule and it does work fine when I do not use and hashing, but as soon as I use hashing to encrypt passwords, the authentication breaks

Following is a snippet from the standalone.xml that I am using. Using this configuration, I am only able to authenticate if I use the plain password and not the hashed one.

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">           <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>           <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>           <module-option name="hashAlgorithm" value="MD5"/>           <module-option name="hashEncoding" value="base64"/>           <module-option name="hashStorePassword" value="true"/>           <module-option name="password-stacking" value="useFirstPass"/> </login-module>

Also if I remove

<module-option name="hashStorePassword" value="true"/>

from the configuration, none of the passwords work, neither the hashed nor the unhashed ones work.

1. Re: Encrypting passwords while using the UsersRolesLoginModule for authentication

saihegde Oct 25, 2012 10:01 AM (in response to saihegde)

Just to make things work, changed the login module to RealmUsers and added a user to the application realm. This has the passwords encrypted in the app-users.properties.
Actions