tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Configuring DIGEST auth for manager
Date Thu, 09 Nov 2017 16:02:12 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Philippe,

On 11/8/17 4:19 PM, Philippe Mouawad wrote:
> Any feedback on this ?

Yep. Two days ago.

- -chris

> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad < 
> p.mouawad@ubik-ingenierie.com> wrote:
> 
>> Hello, I am having issues making Digest auth work in Tomcat
>> 8.5.23 for manager application.
>> 
>> I have done the following:
>> 
>> 1) Edit server.xml and have set MessageDigestCredentialHandler
>> with SHA-256 <Realm
>> className="org.apache.catalina.realm.LockOutRealm"> <!-- This
>> Realm uses the UserDatabase configured in the global JNDI 
>> resources under the key "UserDatabase".  Any edits that are
>> performed against this UserDatabase are immediately available for
>> use by the Realm.  --> <Realm
>> className="org.apache.catalina.realm.UserDatabaseRealm" 
>> resourceName="*UserDatabase*"> <CredentialHandler
>> className="org.apache.catalina 
>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" /> 
>> </Realm> </Realm>
>> 
>> 2) Generated password using: ./digest.sh -a *SHA-256* -h
>> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s
>> 0 password1234
>> 
>> I also tried : ./digest.sh -a SHA-256 -h
>> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s
>> 0 tomcat:UserDatabase:password1234
>> 
>> 3) Set the last part of password following "password1234:" in 
>> tomcat-users.xml <role rolename="manager-gui"/> <role
>> rolename="admin"/> <role rolename="manager"/> <user
>> username="tomcat" password="b9c950640e1b3740e98a 
>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3" 
>> roles="manager-gui,admin,manager"/>
>> 
>> 4) Edit /webapps/manager/WEB-INF/web.xml
>> 
>> <login-config> <auth-method>DIGEST</auth-method> 
>> <realm-name>UserDatabase</realm-name> </login-config>
>> 
>> I then try to login to http://localhost:8080/manager/html and
>> enter admin and password1234 it fails.
>> 
>> There must be something I am missing.
>> 
>> Sorry if I misread some documentation or if my question is
>> stupid, these are the docs I have seen: -
>> https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha 
>> ndler.html#MessageDigestCredentialHandler Note the start of this
>> part is not that clear for me. I think my format is 
>> *salt$iterationCount$encodedCredential* - a hex encoded salt,
>> iteration code and a hex encoded credential, each separated by $
>> 
>> I have also tried solutions described here without success: -
>> http://www.techpaste.com/2013/05/enable-password-encryption- 
>> policy-tomcat-7/ -
>> https://stackoverflow.com/questions/39967289/how-to-use-dige 
>> st-authentication-in-tomcat-8-5 -
>> https://stackoverflow.com/questions/2978884/tomcat-digest- 
>> with-manager-webapp
>> 
>> Regards Philippe
>> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloEfAQdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFhNJA/+LXoZeXKxpxyPG4KX
+Yx5HDJfdkWf+EzMhl7ezmxCgr6HbR/yfaHJdtnWFA96RotU4Pc6Hmw/WA2gy37o
Ppo0ElE9W0JuR9R6oDerg6ZOjTE5laUsoYhiQ2shbxchWe6/1N6Tv28MUMdLkahX
BNDoqShn1It3UVTHtJvUk5J1Jzh/xu/RNYFLwGmu8n/Cf40w6pGWF5HwW+Dz2VpK
HpbnR2JX+i0Cw2NNTDI8F+m4lJpsRyLBm2hoj7eYEgsjNncjSIpmd08dpJFZTZRb
Eby7M0kpMwFR+gAwq6nMh5LTYi5OXqp2UqgRRfay2w3jpio/MONQS25R3noO2BtN
eeRQetAdMmkehJLJck4D/gD4ccJ4PZ22esIjVj1XC3YrBI2hCn7T5bVjQEHBQsqO
fBkkPf56xHrs2pPo7AbG4h9k8WHw03HczikKIVGiYdxCdlefzKVm7xuYoZH6ibD7
zOsnebKYajesp6lnuLOluIA7VGdGJDZ8lob4fmrCAlDivcNsBR0gDl4sC7SOOiN0
kbCiPklMnrIEYDtJv4wzMdUJbX10rD9ig7qz5wGkAp6Ueu8RqRK3MNQ51d2mcwKR
KpTeKtC7NxaMocCtpvuVZ6d4OLuAIghxM00pLsIcrrDsaf2MJ8vJXJ3w22bbrwPu
hMmV35bf9fC99FmEmzDv+56FJ8s=
=0qve
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message