4
votes

I am using Tomcat 7 / JDBCRealm authentication in clear text (development/controlled environment). Now I want to upload the web app to my hosted environment so I need to digest the passwords.

I added 'digest="MD5"' to the realm section in server.xml and tested with some accounts by replacing the existing clear text password with one digested using MySQL's MD5() function.

This went OK.

When I tried SHA2 ('digest="SHA2"' in server.xml, and MySQL's SHA2() function to digest passwords in the table), I kept getting login failures. I tried MySQL's SHA2(pwd,224), SHA2(pwd,256), ...384, ...515 and none worked.

My web search for tomcat JDBCRealm /digest property was not very informative.

What did I do wrong?


1 Answer

2
votes

Look in the Tomcat logs for the message that tells you SHA-2 is not a valid algorithm. If there is no such message, please raise a Tomcat bug.

You need to use one of the following:

  • SHA-256
  • SHA-384
  • SHA-512

Obviously, you'll need to use the corresponding digest in MySQL.
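To make the name mismatch concrete, here is an added Python example (not code from the question, the answer, or Tomcat) that mimics what the realm does: it hashes the submitted password with the configured digest name, renders it as lowercase hex, and compares it with the value stored in the user table. The digest-name table maps the Java `MessageDigest` names Tomcat accepts (`MD5`, `SHA-256`, `SHA-384`, `SHA-512`, ...) to `hashlib`; `SHA2` is deliberately absent, so asking for it fails the same way Tomcat's log would report it. The `mysql_sha2` helper is a stand-in for MySQL's `SHA2(str, hash_length)` function, which returns lowercase hex for the 224/256/384/512-bit variants; the password value is constructed for the example.

```python
import hashlib

# Java MessageDigest names that Tomcat's digest="..." attribute accepts,
# mapped to hashlib constructor names. "SHA2" is not a valid name and is
# intentionally missing, which is the failure the question ran into.
JAVA_DIGEST_NAMES = {
    "MD5": "md5",
    "SHA-1": "sha1",
    "SHA-224": "sha224",
    "SHA-256": "sha256",
    "SHA-384": "sha384",
    "SHA-512": "sha512",
}


def digest_hex(algorithm, password):
    """Lowercase hex digest of a password for a Tomcat digest name.

    Raises ValueError for names Java's MessageDigest does not know,
    e.g. "SHA2", mirroring the "not a valid algorithm" log message.
    """
    try:
        hashlib_name = JAVA_DIGEST_NAMES[algorithm]
    except KeyError:
        raise ValueError(
            f"{algorithm!r} is not a valid digest name; "
            "use SHA-256, SHA-384 or SHA-512"
        )
    return hashlib.new(hashlib_name, password.encode("utf-8")).hexdigest()


def mysql_sha2(password, hash_length):
    """Stand-in for MySQL's SHA2(str, hash_length): lowercase hex digest.

    Only the four SHA-2 output lengths MySQL supports are accepted.
    """
    variants = {224: "sha224", 256: "sha256", 384: "sha384", 512: "sha512"}
    if hash_length not in variants:
        raise ValueError("hash_length must be 224, 256, 384 or 512")
    return hashlib.new(variants[hash_length], password.encode("utf-8")).hexdigest()


def realm_authenticates(algorithm, stored_digest, submitted_password):
    """True when the realm's digest of the submitted password matches the
    stored column value. Both sides are lowercase hex already; the .lower()
    only guards against a column that was populated by hand in uppercase."""
    return digest_hex(algorithm, submitted_password).lower() == stored_digest.lower()


if __name__ == "__main__":
    # Constructed sample: the row was updated with
    #   UPDATE users SET user_pass = SHA2('s3cret', 256) WHERE user_name = 'alice';
    # and server.xml carries digest="SHA-256" on the JDBCRealm.
    stored = mysql_sha2("s3cret", 256)
    print("SHA-256 vs SHA2(...,256):", realm_authenticates("SHA-256", stored, "s3cret"))
    # A SHA-384 column value can never match a realm configured for SHA-256.
    print("SHA-256 vs SHA2(...,384):",
          realm_authenticates("SHA-256", mysql_sha2("s3cret", 384), "s3cret"))
    try:
        digest_hex("SHA2", "s3cret")
    except ValueError as err:
        print("digest=\"SHA2\" ->", err)
```

The two things to line up are the algorithm name on the Tomcat side (`SHA-256`, not `SHA2`) and the output length on the MySQL side (`SHA2(pwd, 256)`, not 224 or 384); a mismatch in either produces a silent login failure rather than an error at the database.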