tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Configuring DIGEST auth for manager
Date Fri, 08 Dec 2017 08:20:13 GMT
On 07/12/17 21:24, Philippe Mouawad wrote:
> Hello,
> Last ping hoping to get some help.

If you aren't going to read the replies Chris has already given you to
your original question and your subsequent ping there isn't much more we
can do to help you.

Mark


> 
> Thanks
> 
> On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> p.mouawad@ubik-ingenierie.com> wrote:
> 
>> Hello,
>> Any feedback on this ?
>> Thanks
>>
>> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
>> p.mouawad@ubik-ingenierie.com> wrote:
>>
>>> Hello,
>>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
>>> application.
>>>
>>> I have done the following:
>>>
>>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
>>> SHA-256
>>>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>         <!-- This Realm uses the UserDatabase configured in the global
>>> JNDI
>>>              resources under the key "UserDatabase".  Any edits
>>>              that are performed against this UserDatabase are immediately
>>>              available for use by the Realm.  -->
>>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>> resourceName="*UserDatabase*">
>>>               <CredentialHandler className="org.apache.catalina
>>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
>>>         </Realm>
>>>       </Realm>
>>>
>>> 2) Generated password using:
>>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler
>>> -i 1 -s 0 password1234
>>>
>>> I also tried :
>>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler
>>> -i 1 -s 0 tomcat:UserDatabase:password1234
>>>
>>> 3) Set the last part of password following "password1234:" in
>>> tomcat-users.xml
>>> <role rolename="manager-gui"/>
>>> <role rolename="admin"/>
>>> <role rolename="manager"/>
>>>     <user username="tomcat" password="b9c950640e1b3740e98a
>>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
>>> roles="manager-gui,admin,manager"/>
>>>
>>> 4) Edit /webapps/manager/WEB-INF/web.xml
>>>
>>> <login-config>
>>>     <auth-method>DIGEST</auth-method>
>>>     <realm-name>UserDatabase</realm-name>
>>>   </login-config>
>>>
>>> I then try to login to http://localhost:8080/manager/html and enter
>>> admin and password1234
>>> it fails.
>>>
>>> There must be something I am missing.
>>>
>>> Sorry if I misread some documentation or if my question is stupid, these
>>> are the docs I have seen:
>>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
>>> ndler.html#MessageDigestCredentialHandler Note the start of this part is
>>> not that clear for me. I think my format is
>>> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
>>> code and a hex encoded credential, each separated by $
>>>
>>> I have also tried solutions described here without success:
>>> - http://www.techpaste.com/2013/05/enable-password-encryption-
>>> policy-tomcat-7/
>>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
>>> st-authentication-in-tomcat-8-5
>>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
>>> th-manager-webapp
>>>
>>> Regards
>>> Philippe
>>>
>>
>>
>>
>> --
>> Cordialement.
>> Philippe Mouawad.
>> Ubik-Ingénierie
>>
>> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
>>
>> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
>>
>>
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message