tomcat-users mailing list archives

From "Nehal Sangoi" <nehal.san...@patni.com>
Subject FW: Securing Manager Role
Date Wed, 09 Nov 2005 04:03:46 GMT

Hi,
Please go through the mail below; you will get the answer.
-----Original Message-----
From: Nehal Sangoi [mailto:nehal.sangoi@patni.com]
Sent: Friday, October 28, 2005 9:15 AM
To: 'Tomcat Users List'
Subject: RE: Securing Manager Role


Hi,

I could do it successfully yesterday. The right command line is as follows.

$ java -classpath $CATALINA_HOME/server/lib/catalina.jar:/opt/commons-logging/commons-logging.jar org.apache.catalina.realm.RealmBase -a sha1 manager


Thank you so much for providing this solution.

Regds,
Nehal

-----Original Message-----
From: Charlie C.L. King [mailto:clking@gmail.com]
Sent: Thursday, October 27, 2005 8:12 PM
To: Tomcat Users List; nehal.sangoi@patni.com
Subject: Re: Securing Manager Role


hi,
looks like you're stuck with your kshell.
how about specifying canonical path to your java executable, e.g.
/opt/bin/java?

or if you're under some unix environment like FreeBSD, you can just use
'md5' or 'sha1' provided by system:
% sha1 -s 'passphrase here'
it will produce the same result for you.

On 10/27/05, Nehal Sangoi <nehal.sangoi@patni.com> wrote:
>
> Hi,
>
> I modified my server.xml as follows.
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase" digest="SHA1"/>
>
> Also, downloaded "commons-logging-20051027.tar.gz" and untarred the same.
>
> Later I tried giving the below command:
>
> $ java -classpath $CATALINA_HOME/server/lib/catalina.jar:/opt/commons-logging/commons-logging.jar org.apache.catalina.realm.RealmBase -a sha1 <manager>
> But received the following error:
>
> ksh: syntax error: `newline or ;' unexpected
>
> Please help doing this successfully.
>
>
> Thanks,
> Nehal
>

--
Regards, Charlie



------------------------------------------------------------


Hi,
you can change it to a digested form, either in md5 or in sha1 or some
others (see java.security.MessageDigest). but sha1 should be safer. here's
the chore you have to do.

1. in your server.xml, add to its child element <Realm> a new attribute
named "digest" and with its value "SHA1" (whatever you want).

2. run this

% java -classpath $CATALINA_HOME/server/lib/catalina.jar:/path/to/commons-logging.jar org.apache.catalina.realm.RealmBase -a sha1 <cleartext_password>

you'll get the digested passphrase

3. use the digested passphrase as password in your tomcat-user.xml

4. be sure to restart tomcat and then you can try it

the way digest means it should be difficult *BUT NOT IMPOSSIBLE* to decrypt
in case anyone might be able to read that file, thus you should secure the
user file and prevent others from reading it.

--
Regards, Charlie


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
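
An added example, not part of the original thread and not Tomcat's own code: a Python check of the result of steps 1-4 and of the advice to keep the user file unreadable to others. It assumes the stored digest is the plain unsalted SHA-1 hex that the thread says `sha1 -s` also prints, and a users file with `<user username=... password=...>` entries; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")


def sha1_hex(cleartext: str) -> str:
    """Unsalted SHA-1 in hex (assumed equal to the RealmBase -a sha1 output)."""
    return hashlib.sha1(cleartext.encode("utf-8")).hexdigest()


def audit_users_file(path: str) -> list:
    """Return findings for a users file used with <Realm ... digest="SHA1"/>."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file mode {mode:03o}: readable by group or others")
    for user in ET.parse(path).getroot().iter("user"):
        name = user.get("username", "?")
        if not SHA1_HEX.match(user.get("password", "")):
            # Not 40 hex characters: the value was never digested (step 3 missed).
            findings.append(f"user {name}: password is not a SHA-1 digest")
    return findings


def demo() -> list:
    """Build a constructed sample file and audit it."""
    sample = (
        "<tomcat-users>\n"
        '  <role rolename="manager"/>\n'
        f'  <user username="admin" password="{sha1_hex("manager")}" roles="manager"/>\n'
        '  <user username="old" password="cleartext-left-behind" roles="manager"/>\n'
        "</tomcat-users>\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tomcat-users.xml")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # deliberately too open, to trigger the finding
        return audit_users_file(path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```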



