1 Reply Latest reply on Oct 25, 2012 10:01 AM by Sai Hegde

    Encrypting passwords while using the UsersRolesLoginModule for authentication

    Sai Hegde Newbie

      I am trying to use the UsersRolesLoginModule and it does work fine when I do not use and hashing, but as soon as I use hashing to encrypt passwords, the authentication breaks

       

      Following is a snippet from the standalone.xml that I am using. Using this configuration, I am only able to authenticate if I use the plain password and not the hashed one.

       

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">           <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>           <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>           <module-option name="hashAlgorithm" value="MD5"/>           <module-option name="hashEncoding" value="base64"/>           <module-option name="hashStorePassword" value="true"/>           <module-option name="password-stacking" value="useFirstPass"/> </login-module>  

       

      Also if I remove

      <module-option name="hashStorePassword" value="true"/>

       

      from the configuration, none of the passwords work, neither the hashed nor the unhashed ones work.