0 Replies Latest reply on Oct 9, 2012 10:12 AM by saihegde

Using the UsersRolesLoginModule

saihegde Oct 9, 2012 10:12 AM

I am trying to use the UsersRolesLoginModule and it does work fine when I do not use and hashing, but as soon as I use hashing to encrypt passwords, the authentication breaks

Following is a snippet from the standalone.xml that I am using. Using this configuration, I am only able to authenticate if I use the plain password and not the hashed one.

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
          <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
          <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
          <module-option name="hashAlgorithm" value="MD5"/>
          <module-option name="hashEncoding" value="base64"/>
          <module-option name="hashStorePassword" value="true"/>
          <module-option name="password-stacking" value="useFirstPass"/>
</login-module>

Also if I remove

<module-option name="hashStorePassword" value="true"/>

from the configuration, none of the passwords work, neither the hashed nor the unhashed ones work.