tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Mouawad <p.moua...@ubik-ingenierie.com>
Subject Re: Configuring DIGEST auth for manager
Date Wed, 08 Nov 2017 21:19:30 GMT
Hello,
Any feedback on this ?
Thanks

On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:

> Hello,
> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> application.
>
> I have done the following:
>
> 1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <!-- This Realm uses the UserDatabase configured in the global JNDI
>              resources under the key "UserDatabase".  Any edits
>              that are performed against this UserDatabase are immediately
>              available for use by the Realm.  -->
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="*UserDatabase*">
>               <CredentialHandler className="org.apache.catalina
> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
>         </Realm>
>       </Realm>
>
> 2) Generated password using:
> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 password1234
>
> I also tried :
> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 tomcat:UserDatabase:password1234
>
> 3) Set the last part of password following "password1234:" in
> tomcat-users.xml
> <role rolename="manager-gui"/>
> <role rolename="admin"/>
> <role rolename="manager"/>
>     <user username="tomcat" password="b9c950640e1b3740e98a
> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
> roles="manager-gui,admin,manager"/>
>
> 4) Edit /webapps/manager/WEB-INF/web.xml
>
> <login-config>
>     <auth-method>DIGEST</auth-method>
>     <realm-name>UserDatabase</realm-name>
>   </login-config>
>
> I then try to login to http://localhost:8080/manager/html and enter admin
> and password1234
> it fails.
>
> There must be something I am missing.
>
> Sorry if I misread some documentation or if my question is stupid, these
> are the docs I have seen:
> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> ndler.html#MessageDigestCredentialHandler Note the start of this part is
> not that clear for me. I think my format is
> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
> code and a hex encoded credential, each separated by $
>
> I have also tried solutions described here without success:
> - http://www.techpaste.com/2013/05/enable-password-encryption-
> policy-tomcat-7/
> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> st-authentication-in-tomcat-8-5
> - https://stackoverflow.com/questions/2978884/tomcat-digest-
> with-manager-webapp
>
> Regards
> Philippe
>



-- 
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie

UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>

UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message