tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guy <g...@arizona.edu>
Subject Re: encrypting passwords in tomcat-users.xml
Date Wed, 22 Nov 2017 18:50:21 GMT
Maybe I should ask this in a different way: what are the steps to use 
encrypted passwords in tomcat-users.xml under Tomcat 8.0.14? I know what 
they are in Tomcat 8.0.37. They're both versions of Tomcat 8.0.x, so why 
does something that works in one not work in the other? Does the 
server.xml configuration need to be different?

Here are some specifics on how I'm running digest.sh.

As you will see, they are different. The newer version has more 
arguments, and produces a different output, in the format 
salt$iterations$digest.

First, on Mac with apache-tomcat-8.0.37:

% ./digest.sh secret
secret:304fb189dd47d028f892f95a0d9a2c8d707b24d72474b62e78d30401a7cc05b6$1$a299b9b24fdaf7219500ad39f21cea319fdce2a99d175c263ab16bd89c428ffdbafea125f9559a4be9081b5955c35574dae002fb2b32b1acccdef9c77a81fb2e


% ./digest.sh
Usage: RealmBase [-a <algorithm>] [-e <encoding>] [-i <iterations>] [-s

<salt-length>] [-k <key-length>] [-h <handler-class-name>] <credentials>

I believe this is defaulting to SHA-512 as per the docs and the fact 
that it worked when I configured the Realm to use SHA-512 with the 
CredentialHandler.

Next, on Linux with apache-tomcat-8.0.14-1:

# ./digest.sh secret
Usage: RealmBase -a <algorithm> [-e <encoding>] <credentials>
# ./digest.sh -a SHA-512 secret
secret:bd2b1aaf7ef4f09be9f52ce2d8d599674d81aa9d6a4421696dc4d93dd0619d682ce56b4d64a9ef097761ced99e0f67265b5f76085e5b0ee7ca4696b2ad6fe2b2



So, something in the underlying RealmBase class is different, and I 
can't get this output (or anything) to work on this server. There's also 
a warning in the log:

org.apache.tomcat.util.digester.Digester.endElement   No rules found 
matching 'Server/Service/Engine/Realm/Realm/CredentialHandler'.

which leads me to believe the server.xml configuration needs to be 
different for this version too. However, none of this is indicated in 
the documentation. I'm at a complete loss.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message