tomcat-users mailing list archives

From "Robert J. Carr" <rjc...@gmail.com>
Subject Re: Configuring DIGEST auth for manager
Date Fri, 08 Dec 2017 16:40:48 GMT
Hi Philippe-

I'm new to the list, and didn't see the previous response either, but I
just did this recently to a similar config so I might have some guidance.

Where you have algorithm="*SHA-256*", for digest.sh too, you shouldn't need
the asterisks.  Why are you using those?

> Set the last part of password following "password1234:" in

This should also include the iterations.  It should be something like:

$1$b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3

Good luck!

Robert

On Fri, Dec 8, 2017 at 12:59 AM, Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:
>
> Hi Mark,
> Sorry but I didn't receive the reply otherwise I wouldn't be asking again.
> I'll see the archives then.
>
> Thanks
> Regards
>
> On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <markt@apache.org> wrote:
>
> > On 07/12/17 21:24, Philippe Mouawad wrote:
> > > Hello,
> > > Last ping hoping to get some help.
> >
> > If you aren't going to read the replies Chris has already given you to
> > your original question and your subsequent ping there isn't much more we
> > can do to help you.
> >
> > Mark
> >
> >
> > >
> > > Thanks
> > >
> > > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> > > p.mouawad@ubik-ingenierie.com> wrote:
> > >
> > >> Hello,
> > >> Any feedback on this ?
> > >> Thanks
> > >>
> > >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> > >> p.mouawad@ubik-ingenierie.com> wrote:
> > >>
> > >>> Hello,
> > >>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> > >>> application.
> > >>>
> > >>> I have done the following:
> > >>>
> > >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
> > >>>       <Realm className="org.apache.catalina.realm.LockOutRealm">
> > >>>         <!-- This Realm uses the UserDatabase configured in the global JNDI
> > >>>              resources under the key "UserDatabase".  Any edits
> > >>>              that are performed against this UserDatabase are immediately
> > >>>              available for use by the Realm.  -->
> > >>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> > >>>                resourceName="*UserDatabase*">
> > >>>               <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
> > >>>         </Realm>
> > >>>       </Realm>
> > >>>
> > >>> 2) Generated password using:
> > >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 password1234
> > >>>
> > >>> I also tried :
> > >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 tomcat:UserDatabase:password1234
> > >>>
> > >>> 3) Set the last part of password following "password1234:" in tomcat-users.xml
> > >>> <role rolename="manager-gui"/>
> > >>> <role rolename="admin"/>
> > >>> <role rolename="manager"/>
> > >>>     <user username="tomcat" password="b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3" roles="manager-gui,admin,manager"/>
> > >>>
> > >>> 4) Edit /webapps/manager/WEB-INF/web.xml
> > >>>
> > >>> <login-config>
> > >>>     <auth-method>DIGEST</auth-method>
> > >>>     <realm-name>UserDatabase</realm-name>
> > >>>   </login-config>
> > >>>
> > >>> I then try to login to http://localhost:8080/manager/html and enter
> > >>> admin and password1234
> > >>> it fails.
> > >>>
> > >>> There must be something I am missing.
> > >>>
> > >>> Sorry if I misread some documentation or if my question is stupid, these
> > >>> are the docs I have seen:
> > >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html#MessageDigestCredentialHandler
> > >>> Note the start of this part is not that clear for me. I think my format is
> > >>> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
> > >>> code and a hex encoded credential, each separated by $
> > >>>
> > >>> I have also tried solutions described here without success:
> > >>> - http://www.techpaste.com/2013/05/enable-password-encryption-policy-tomcat-7/
> > >>> - https://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
> > >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-with-manager-webapp
> > >>>
> > >>> Regards
> > >>> Philippe
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Cordialement.
> > >> Philippe Mouawad.
> > >> Ubik-Ingénierie
> > >>
> > >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
> > >>
> > >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
> > >>
> > >>
> > >
> > >
> >
> >
>
>
> --
> Cordialement.
> Philippe Mouawad.
> Ubik-Ingénierie
>
> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
>
> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
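
The stored-credential layout discussed in this thread (`salt$iterationCount$encodedCredential`, where a value starting `$1$` means an empty salt and one iteration), shown as an added example that is not part of any message in the thread and is not Tomcat's own code. The hashing order in `mutate` (salt bytes, then password bytes, then re-hashing the previous digest for each further iteration) and all function names are assumptions of this sketch; check them against the Tomcat version in use.

```python
import hashlib
import hmac


def mutate(password: str, salt: bytes, iterations: int, algorithm: str = "sha256") -> str:
    """Assumed scheme: hash salt || password, then re-hash the digest (iterations - 1) times."""
    digest = hashlib.new(algorithm, salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(algorithm, digest).digest()
    return digest.hex()


def parse_stored(stored: str):
    """Split a stored credential into (salt_bytes, iterations, hex_digest)."""
    if "$" not in stored:
        # Bare hex digest: treated as no salt and a single iteration.
        return b"", 1, stored.lower()
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("expected salt$iterationCount$encodedCredential")
    hex_salt, count, hex_digest = parts
    iterations = int(count)  # raises ValueError if the count is missing or non-numeric
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    return bytes.fromhex(hex_salt), iterations, hex_digest.lower()


def encode(password: str, salt: bytes = b"", iterations: int = 1, algorithm: str = "sha256") -> str:
    """Build the three-field form; an empty salt yields a leading '$'."""
    return f"{salt.hex()}${iterations}${mutate(password, salt, iterations, algorithm)}"


def matches(password: str, stored: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest from the stored parameters and compare in constant time."""
    salt, iterations, expected = parse_stored(stored)
    bytes.fromhex(expected)  # reject a digest field that is not hex
    actual = mutate(password, salt, iterations, algorithm)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample input: the password string used in the thread.
    bare = mutate("password1234", b"", 1)
    print("bare form:      ", bare)
    print("three-field form:", encode("password1234"))
    print("both verify:    ", matches("password1234", bare), matches("password1234", "$1$" + bare))
```
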
