You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Philippe Mouawad <p....@ubik-ingenierie.com> on 2017/11/05 20:16:25 UTC
Configuring DIGEST auth for manager
Hello,
I am having issues making Digest auth work in Tomcat 8.5.23 for manager
application.
I have done the following:
1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="*UserDatabase*">
<CredentialHandler className="org.apache.catalina.realm.
MessageDigestCredentialHandler" algorithm="*SHA-256*" />
</Realm>
</Realm>
2) Generated password using:
./digest.sh -a *SHA-256* -h
org.apache.catalina.realm.MessageDigestCredentialHandler
-i 1 -s 0 password1234
I also tried :
./digest.sh -a SHA-256 -h
org.apache.catalina.realm.MessageDigestCredentialHandler
-i 1 -s 0 tomcat:UserDatabase:password1234
3) Set the last part of password following "password1234:" in
tomcat-users.xml
<role rolename="manager-gui"/>
<role rolename="admin"/>
<role rolename="manager"/>
<user username="tomcat" password="b9c950640e1b3740e98acb93e669c6
5766f6670dd1609ba91ff41052ba48c6f3" roles="manager-gui,admin,manager"/>
4) Edit /webapps/manager/WEB-INF/web.xml
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>UserDatabase</realm-name>
</login-config>
I then try to login to http://localhost:8080/manager/html and enter admin
and password1234
it fails.
There must be something I am missing.
Sorry if I misread some documentation or if my question is stupid, these
are the docs I have seen:
- https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html#
MessageDigestCredentialHandler Note the start of this part is not that
clear for me. I think my format is *salt$iterationCount$encodedCredential*
- a hex encoded salt, iteration code and a hex encoded credential, each
separated by $
I have also tried solutions described here without success:
- http://www.techpaste.com/2013/05/enable-password-encryption-
policy-tomcat-7/
- https://stackoverflow.com/questions/39967289/how-to-use-
digest-authentication-in-tomcat-8-5
- https://stackoverflow.com/questions/2978884/tomcat-
digest-with-manager-webapp
Regards
Philippe
Re: Configuring DIGEST auth for manager
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Philippe,
On 11/5/17 3:16 PM, Philippe Mouawad wrote:
> Hello, I am having issues making Digest auth work in Tomcat 8.5.23
> for manager application.
I'm curious... why bother with HTTP DIGEST authentication when TLS
just so much better?
> I have done the following:
>
> 1) Edit server.xml and have set MessageDigestCredentialHandler with
> SHA-256 <Realm className="org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global
> JNDI resources under the key "UserDatabase". Any edits that are
> performed against this UserDatabase are immediately available for
> use by the Realm. --> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="*UserDatabase*"> <CredentialHandler
> className="org.apache.catalina.realm.
> MessageDigestCredentialHandler" algorithm="*SHA-256*" /> </Realm>
> </Realm>
Tomcat docs[1] say specifically what you need to do.
> 2) Generated password using: ./digest.sh -a *SHA-256* -h
> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0
> password1234
This is not correct (incorrect algorithm, incorrect input).
> I also tried : ./digest.sh -a SHA-256 -h
> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0
> tomcat:UserDatabase:password1234
This is not correct (incorrect algorithm).
> 3) Set the last part of password following "password1234:" in
> tomcat-users.xml <role rolename="manager-gui"/> <role
> rolename="admin"/> <role rolename="manager"/> <user
> username="tomcat" password="b9c950640e1b3740e98acb93e669c6
> 5766f6670dd1609ba91ff41052ba48c6f3"
> roles="manager-gui,admin,manager"/>
>
> 4) Edit /webapps/manager/WEB-INF/web.xml
>
> <login-config> <auth-method>DIGEST</auth-method>
> <realm-name>UserDatabase</realm-name> </login-config>
>
> I then try to login to http://localhost:8080/manager/html and enter
> admin and password1234 it fails.
>
> There must be something I am missing.
Try this:
$ ./digest.sh -a MD5
-h org.apache.catalina.realm.MessageDigestCredentialHandler \
-i 1 -s 0 tomcat:UserDatabase:password1234
... and put the result of that into your tomcat-users.xml file.
> Sorry if I misread some documentation or if my question is stupid,
> these are the docs I have seen: -
> https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html
#
>
>
MessageDigestCredentialHandler Note the start of this part is not that
> clear for me. I think my format is
> *salt$iterationCount$encodedCredential* - a hex encoded salt,
> iteration code and a hex encoded credential, each separated by $
>
> I have also tried solutions described here without success: -
> http://www.techpaste.com/2013/05/enable-password-encryption-
> policy-tomcat-7/ -
> https://stackoverflow.com/questions/39967289/how-to-use-
> digest-authentication-in-tomcat-8-5 -
> https://stackoverflow.com/questions/2978884/tomcat-
> digest-with-manager-webapp
HTTP DIGEST simply requires the use of MD5 and prohibits the use of
any password-strengthening strategies.
You are better off using TLS + HTTP BASIC in almost every case.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAln/9p8dHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiZwRAAvWpovPI8jYk9bcnP
CsGgqeLDwcRJ4rNUJzC7n1dtwy4OCFMEkJJnuuiOy3ml6rSGuRUjflFy3MUE9D/4
O+r9KOblYi9Cj7ft/U39hG9T5XRiAF+pFTli4OPaylI/h1TNOPIBcegFMOw3Qx+h
jeD3ZqGVNi7HRjXiDVtSgebFStsfOVbvte0J/r5IOclvvOxZ9Cd5IJy6sM8kO9v4
av5Kl4qVQvw5CBWw3RXYd4uFJ10r76L8CHy07d3sDznXL7HQGjVeN1NlZIRAq0bS
6MmxEg5xvGhWIK+y60cpF0QGb/wXcRhHb8Q3denWJhEIRQLA3cS7331QEad5ZoNq
C6riGtncH7hPbd9M+55C/nAIOUFraQGRShNBsVkmrFnr8rVChMKnol/cCJZBEGR5
aePN8DBkpESopqCP4IgyIR3b5XMQ2BRxQkhOpdbGCkg7iUD6JIiUknaWoj2eF04I
C6iyAYMfRfeXEd+fpMXQQ0ep+4ZXI4MCiTS/xdo3CF04Iy3RpEZFc6Jfmoq8+lPj
H2+U8Su8u/iGs7MvcGvwBN3Jp/9basBMVU9lhrpEqJjfxt9V0UOkwSwmcc/0Qgy9
f7W95ZByovovGdfMQLHI3CN0kXO82DGRihIbfB4YiTELtO7PQdruC9cyx1Ud1KN2
GYXwbMzhMMNWhVhu4hN6tsgV59E=
=6ORl
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Configuring DIGEST auth for manager
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Philippe,
On 11/8/17 4:19 PM, Philippe Mouawad wrote:
> Any feedback on this ?
Yep. Two days ago.
- -chris
> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> p.mouawad@ubik-ingenierie.com> wrote:
>
>> Hello, I am having issues making Digest auth work in Tomcat
>> 8.5.23 for manager application.
>>
>> I have done the following:
>>
>> 1) Edit server.xml and have set MessageDigestCredentialHandler
>> with SHA-256 <Realm
>> className="org.apache.catalina.realm.LockOutRealm"> <!-- This
>> Realm uses the UserDatabase configured in the global JNDI
>> resources under the key "UserDatabase". Any edits that are
>> performed against this UserDatabase are immediately available for
>> use by the Realm. --> <Realm
>> className="org.apache.catalina.realm.UserDatabaseRealm"
>> resourceName="*UserDatabase*"> <CredentialHandler
>> className="org.apache.catalina
>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
>> </Realm> </Realm>
>>
>> 2) Generated password using: ./digest.sh -a *SHA-256* -h
>> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s
>> 0 password1234
>>
>> I also tried : ./digest.sh -a SHA-256 -h
>> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s
>> 0 tomcat:UserDatabase:password1234
>>
>> 3) Set the last part of password following "password1234:" in
>> tomcat-users.xml <role rolename="manager-gui"/> <role
>> rolename="admin"/> <role rolename="manager"/> <user
>> username="tomcat" password="b9c950640e1b3740e98a
>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
>> roles="manager-gui,admin,manager"/>
>>
>> 4) Edit /webapps/manager/WEB-INF/web.xml
>>
>> <login-config> <auth-method>DIGEST</auth-method>
>> <realm-name>UserDatabase</realm-name> </login-config>
>>
>> I then try to login to http://localhost:8080/manager/html and
>> enter admin and password1234 it fails.
>>
>> There must be something I am missing.
>>
>> Sorry if I misread some documentation or if my question is
>> stupid, these are the docs I have seen: -
>> https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
>> ndler.html#MessageDigestCredentialHandler Note the start of this
>> part is not that clear for me. I think my format is
>> *salt$iterationCount$encodedCredential* - a hex encoded salt,
>> iteration code and a hex encoded credential, each separated by $
>>
>> I have also tried solutions described here without success: -
>> http://www.techpaste.com/2013/05/enable-password-encryption-
>> policy-tomcat-7/ -
>> https://stackoverflow.com/questions/39967289/how-to-use-dige
>> st-authentication-in-tomcat-8-5 -
>> https://stackoverflow.com/questions/2978884/tomcat-digest-
>> with-manager-webapp
>>
>> Regards Philippe
>>
>
>
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloEfAQdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFhNJA/+LXoZeXKxpxyPG4KX
+Yx5HDJfdkWf+EzMhl7ezmxCgr6HbR/yfaHJdtnWFA96RotU4Pc6Hmw/WA2gy37o
Ppo0ElE9W0JuR9R6oDerg6ZOjTE5laUsoYhiQ2shbxchWe6/1N6Tv28MUMdLkahX
BNDoqShn1It3UVTHtJvUk5J1Jzh/xu/RNYFLwGmu8n/Cf40w6pGWF5HwW+Dz2VpK
HpbnR2JX+i0Cw2NNTDI8F+m4lJpsRyLBm2hoj7eYEgsjNncjSIpmd08dpJFZTZRb
Eby7M0kpMwFR+gAwq6nMh5LTYi5OXqp2UqgRRfay2w3jpio/MONQS25R3noO2BtN
eeRQetAdMmkehJLJck4D/gD4ccJ4PZ22esIjVj1XC3YrBI2hCn7T5bVjQEHBQsqO
fBkkPf56xHrs2pPo7AbG4h9k8WHw03HczikKIVGiYdxCdlefzKVm7xuYoZH6ibD7
zOsnebKYajesp6lnuLOluIA7VGdGJDZ8lob4fmrCAlDivcNsBR0gDl4sC7SOOiN0
kbCiPklMnrIEYDtJv4wzMdUJbX10rD9ig7qz5wGkAp6Ueu8RqRK3MNQ51d2mcwKR
KpTeKtC7NxaMocCtpvuVZ6d4OLuAIghxM00pLsIcrrDsaf2MJ8vJXJ3w22bbrwPu
hMmV35bf9fC99FmEmzDv+56FJ8s=
=0qve
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Configuring DIGEST auth for manager
Posted by "Robert J. Carr" <rj...@gmail.com>.
Hi Philippe-
I'm new to the list, and didn't see the previous response either, but I
just did this recently do a similar config so I might have some guidance.
Where you have algorithm="*SHA-256*", for digest.sh too, you shouldn't need
the asterisks. Why are you using those?
> Set the last part of password following "password1234:" in
This should also include the iterations. It should be something like:
$1$b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3
Good luck!
Robert
On Fri, Dec 8, 2017 at 12:59 AM, Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:
>
> Hi Mark,
> Sorry but I didn't receive the reply otherwise I wouldn't be asking again.
> I'll see the archives then.
>
> Thanks
> Regards
>
> On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <ma...@apache.org> wrote:
>
> > On 07/12/17 21:24, Philippe Mouawad wrote:
> > > Hello,
> > > Last ping hoping to get some help.
> >
> > If you aren't going to read the replies Chris has already given you to
> > your original question and your subsequent ping there isn't much more we
> > can do to help you.
> >
> > Mark
> >
> >
> > >
> > > Thanks
> > >
> > > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> > > p.mouawad@ubik-ingenierie.com> wrote:
> > >
> > >> Hello,
> > >> Any feedback on this ?
> > >> Thanks
> > >>
> > >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> > >> p.mouawad@ubik-ingenierie.com> wrote:
> > >>
> > >>> Hello,
> > >>> I am having issues making Digest auth work in Tomcat 8.5.23 for
manager
> > >>> application.
> > >>>
> > >>> I have done the following:
> > >>>
> > >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
> > >>> SHA-256
> > >>> <Realm className="org.apache.catalina.realm.LockOutRealm">
> > >>> <!-- This Realm uses the UserDatabase configured in the
global
> > >>> JNDI
> > >>> resources under the key "UserDatabase". Any edits
> > >>> that are performed against this UserDatabase are
> > immediately
> > >>> available for use by the Realm. -->
> > >>> <Realm
className="org.apache.catalina.realm.UserDatabaseRealm"
> > >>> resourceName="*UserDatabase*">
> > >>> <CredentialHandler className="org.apache.catalina
> > >>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
> > >>> </Realm>
> > >>> </Realm>
> > >>>
> > >>> 2) Generated password using:
> > >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.
> > MessageDigestCredentialHandler
> > >>> -i 1 -s 0 password1234
> > >>>
> > >>> I also tried :
> > >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.
> > MessageDigestCredentialHandler
> > >>> -i 1 -s 0 tomcat:UserDatabase:password1234
> > >>>
> > >>> 3) Set the last part of password following "password1234:" in
> > >>> tomcat-users.xml
> > >>> <role rolename="manager-gui"/>
> > >>> <role rolename="admin"/>
> > >>> <role rolename="manager"/>
> > >>> <user username="tomcat" password="b9c950640e1b3740e98a
> > >>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
> > >>> roles="manager-gui,admin,manager"/>
> > >>>
> > >>> 4) Edit /webapps/manager/WEB-INF/web.xml
> > >>>
> > >>> <login-config>
> > >>> <auth-method>DIGEST</auth-method>
> > >>> <realm-name>UserDatabase</realm-name>
> > >>> </login-config>
> > >>>
> > >>> I then try to login to http://localhost:8080/manager/html and enter
> > >>> admin and password1234
> > >>> it fails.
> > >>>
> > >>> There must be something I am missing.
> > >>>
> > >>> Sorry if I misread some documentation or if my question is stupid,
> > these
> > >>> are the docs I have seen:
> > >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> > >>> ndler.html#MessageDigestCredentialHandler Note the start of this
part
> > is
> > >>> not that clear for me. I think my format is
> > >>> *salt$iterationCount$encodedCredential* - a hex encoded salt,
> > iteration
> > >>> code and a hex encoded credential, each separated by $
> > >>>
> > >>> I have also tried solutions described here without success:
> > >>> - http://www.techpaste.com/2013/05/enable-password-encryption-
> > >>> policy-tomcat-7/
> > >>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> > >>> st-authentication-in-tomcat-8-5
> > >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
> > >>> th-manager-webapp
> > >>>
> > >>> Regards
> > >>> Philippe
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Cordialement.
> > >> Philippe Mouawad.
> > >> Ubik-Ingénierie
> > >>
> > >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
> > >>
> > >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
> > >>
> > >>
> > >
> > >
> >
> >
>
>
> --
> Cordialement.
> Philippe Mouawad.
> Ubik-Ingénierie
>
> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
>
> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
Re: Configuring DIGEST auth for manager
Posted by Philippe Mouawad <p....@ubik-ingenierie.com>.
Hi Mark,
Sorry but I didn't receive the reply otherwise I wouldn't be asking again.
I'll see the archives then.
Thanks
Regards
On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <ma...@apache.org> wrote:
> On 07/12/17 21:24, Philippe Mouawad wrote:
> > Hello,
> > Last ping hoping to get some help.
>
> If you aren't going to read the replies Chris has already given you to
> your original question and your subsequent ping there isn't much more we
> can do to help you.
>
> Mark
>
>
> >
> > Thanks
> >
> > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> > p.mouawad@ubik-ingenierie.com> wrote:
> >
> >> Hello,
> >> Any feedback on this ?
> >> Thanks
> >>
> >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> >> p.mouawad@ubik-ingenierie.com> wrote:
> >>
> >>> Hello,
> >>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> >>> application.
> >>>
> >>> I have done the following:
> >>>
> >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
> >>> SHA-256
> >>> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>> <!-- This Realm uses the UserDatabase configured in the global
> >>> JNDI
> >>> resources under the key "UserDatabase". Any edits
> >>> that are performed against this UserDatabase are
> immediately
> >>> available for use by the Realm. -->
> >>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>> resourceName="*UserDatabase*">
> >>> <CredentialHandler className="org.apache.catalina
> >>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
> >>> </Realm>
> >>> </Realm>
> >>>
> >>> 2) Generated password using:
> >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.
> MessageDigestCredentialHandler
> >>> -i 1 -s 0 password1234
> >>>
> >>> I also tried :
> >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.
> MessageDigestCredentialHandler
> >>> -i 1 -s 0 tomcat:UserDatabase:password1234
> >>>
> >>> 3) Set the last part of password following "password1234:" in
> >>> tomcat-users.xml
> >>> <role rolename="manager-gui"/>
> >>> <role rolename="admin"/>
> >>> <role rolename="manager"/>
> >>> <user username="tomcat" password="b9c950640e1b3740e98a
> >>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
> >>> roles="manager-gui,admin,manager"/>
> >>>
> >>> 4) Edit /webapps/manager/WEB-INF/web.xml
> >>>
> >>> <login-config>
> >>> <auth-method>DIGEST</auth-method>
> >>> <realm-name>UserDatabase</realm-name>
> >>> </login-config>
> >>>
> >>> I then try to login to http://localhost:8080/manager/html and enter
> >>> admin and password1234
> >>> it fails.
> >>>
> >>> There must be something I am missing.
> >>>
> >>> Sorry if I misread some documentation or if my question is stupid,
> these
> >>> are the docs I have seen:
> >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> >>> ndler.html#MessageDigestCredentialHandler Note the start of this part
> is
> >>> not that clear for me. I think my format is
> >>> *salt$iterationCount$encodedCredential* - a hex encoded salt,
> iteration
> >>> code and a hex encoded credential, each separated by $
> >>>
> >>> I have also tried solutions described here without success:
> >>> - http://www.techpaste.com/2013/05/enable-password-encryption-
> >>> policy-tomcat-7/
> >>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> >>> st-authentication-in-tomcat-8-5
> >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
> >>> th-manager-webapp
> >>>
> >>> Regards
> >>> Philippe
> >>>
> >>
> >>
> >>
> >> --
> >> Cordialement.
> >> Philippe Mouawad.
> >> Ubik-Ingénierie
> >>
> >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
> >>
> >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
> >>
> >>
> >
> >
>
>
--
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie
UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
Re: Configuring DIGEST auth for manager
Posted by Philippe Mouawad <p....@ubik-ingenierie.com>.
Hello,
I confirm I didn't receive Christopher answer (it seems I am not alone, so
maybe there was an issue):
http://mail-archives.us.apache.org/mod_mbox/tomcat-users/201711.mbox/%3c2339f4d3-91fd-3be2-dd18-26e0f626278b@christopherschultz.net%3e
Anyway, now I read it, thank you Christopher !
Regards
On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <ma...@apache.org> wrote:
> On 07/12/17 21:24, Philippe Mouawad wrote:
> > Hello,
> > Last ping hoping to get some help.
>
> If you aren't going to read the replies Chris has already given you to
> your original question and your subsequent ping there isn't much more we
> can do to help you.
>
> Mark
>
>
> >
> > Thanks
> >
> > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> > p.mouawad@ubik-ingenierie.com> wrote:
> >
> >> Hello,
> >> Any feedback on this ?
> >> Thanks
> >>
> >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> >> p.mouawad@ubik-ingenierie.com> wrote:
> >>
> >>> Hello,
> >>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> >>> application.
> >>>
> >>> I have done the following:
> >>>
> >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
> >>> SHA-256
> >>> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>> <!-- This Realm uses the UserDatabase configured in the global
> >>> JNDI
> >>> resources under the key "UserDatabase". Any edits
> >>> that are performed against this UserDatabase are
> immediately
> >>> available for use by the Realm. -->
> >>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>> resourceName="*UserDatabase*">
> >>> <CredentialHandler className="org.apache.catalina
> >>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
> >>> </Realm>
> >>> </Realm>
> >>>
> >>> 2) Generated password using:
> >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.
> MessageDigestCredentialHandler
> >>> -i 1 -s 0 password1234
> >>>
> >>> I also tried :
> >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.
> MessageDigestCredentialHandler
> >>> -i 1 -s 0 tomcat:UserDatabase:password1234
> >>>
> >>> 3) Set the last part of password following "password1234:" in
> >>> tomcat-users.xml
> >>> <role rolename="manager-gui"/>
> >>> <role rolename="admin"/>
> >>> <role rolename="manager"/>
> >>> <user username="tomcat" password="b9c950640e1b3740e98a
> >>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
> >>> roles="manager-gui,admin,manager"/>
> >>>
> >>> 4) Edit /webapps/manager/WEB-INF/web.xml
> >>>
> >>> <login-config>
> >>> <auth-method>DIGEST</auth-method>
> >>> <realm-name>UserDatabase</realm-name>
> >>> </login-config>
> >>>
> >>> I then try to login to http://localhost:8080/manager/html and enter
> >>> admin and password1234
> >>> it fails.
> >>>
> >>> There must be something I am missing.
> >>>
> >>> Sorry if I misread some documentation or if my question is stupid,
> these
> >>> are the docs I have seen:
> >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> >>> ndler.html#MessageDigestCredentialHandler Note the start of this part
> is
> >>> not that clear for me. I think my format is
> >>> *salt$iterationCount$encodedCredential* - a hex encoded salt,
> iteration
> >>> code and a hex encoded credential, each separated by $
> >>>
> >>> I have also tried solutions described here without success:
> >>> - http://www.techpaste.com/2013/05/enable-password-encryption-
> >>> policy-tomcat-7/
> >>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> >>> st-authentication-in-tomcat-8-5
> >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
> >>> th-manager-webapp
> >>>
> >>> Regards
> >>> Philippe
> >>>
> >>
> >>
> >>
> >> --
> >> Cordialement.
> >> Philippe Mouawad.
> >> Ubik-Ingénierie
> >>
> >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
> >>
> >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
> >>
> >>
> >
> >
>
>
--
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie
UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
Re: Configuring DIGEST auth for manager
Posted by Mark Thomas <ma...@apache.org>.
On 07/12/17 21:24, Philippe Mouawad wrote:
> Hello,
> Last ping hoping to get some help.
If you aren't going to read the replies Chris has already given you to
your original question and your subsequent ping there isn't much more we
can do to help you.
Mark
>
> Thanks
>
> On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> p.mouawad@ubik-ingenierie.com> wrote:
>
>> Hello,
>> Any feedback on this ?
>> Thanks
>>
>> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
>> p.mouawad@ubik-ingenierie.com> wrote:
>>
>>> Hello,
>>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
>>> application.
>>>
>>> I have done the following:
>>>
>>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
>>> SHA-256
>>> <Realm className="org.apache.catalina.realm.LockOutRealm">
>>> <!-- This Realm uses the UserDatabase configured in the global
>>> JNDI
>>> resources under the key "UserDatabase". Any edits
>>> that are performed against this UserDatabase are immediately
>>> available for use by the Realm. -->
>>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>> resourceName="*UserDatabase*">
>>> <CredentialHandler className="org.apache.catalina
>>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
>>> </Realm>
>>> </Realm>
>>>
>>> 2) Generated password using:
>>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler
>>> -i 1 -s 0 password1234
>>>
>>> I also tried :
>>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler
>>> -i 1 -s 0 tomcat:UserDatabase:password1234
>>>
>>> 3) Set the last part of password following "password1234:" in
>>> tomcat-users.xml
>>> <role rolename="manager-gui"/>
>>> <role rolename="admin"/>
>>> <role rolename="manager"/>
>>> <user username="tomcat" password="b9c950640e1b3740e98a
>>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
>>> roles="manager-gui,admin,manager"/>
>>>
>>> 4) Edit /webapps/manager/WEB-INF/web.xml
>>>
>>> <login-config>
>>> <auth-method>DIGEST</auth-method>
>>> <realm-name>UserDatabase</realm-name>
>>> </login-config>
>>>
>>> I then try to login to http://localhost:8080/manager/html and enter
>>> admin and password1234
>>> it fails.
>>>
>>> There must be something I am missing.
>>>
>>> Sorry if I misread some documentation or if my question is stupid, these
>>> are the docs I have seen:
>>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
>>> ndler.html#MessageDigestCredentialHandler Note the start of this part is
>>> not that clear for me. I think my format is
>>> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
>>> code and a hex encoded credential, each separated by $
>>>
>>> I have also tried solutions described here without success:
>>> - http://www.techpaste.com/2013/05/enable-password-encryption-
>>> policy-tomcat-7/
>>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
>>> st-authentication-in-tomcat-8-5
>>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
>>> th-manager-webapp
>>>
>>> Regards
>>> Philippe
>>>
>>
>>
>>
>> --
>> Cordialement.
>> Philippe Mouawad.
>> Ubik-Ingénierie
>>
>> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
>>
>> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Configuring DIGEST auth for manager
Posted by Philippe Mouawad <p....@ubik-ingenierie.com>.
Hello,
Last ping hoping to get some help.
Thanks
On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:
> Hello,
> Any feedback on this ?
> Thanks
>
> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> p.mouawad@ubik-ingenierie.com> wrote:
>
>> Hello,
>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
>> application.
>>
>> I have done the following:
>>
>> 1) Edit server.xml and have set MessageDigestCredentialHandler with
>> SHA-256
>> <Realm className="org.apache.catalina.realm.LockOutRealm">
>> <!-- This Realm uses the UserDatabase configured in the global
>> JNDI
>> resources under the key "UserDatabase". Any edits
>> that are performed against this UserDatabase are immediately
>> available for use by the Realm. -->
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> resourceName="*UserDatabase*">
>> <CredentialHandler className="org.apache.catalina
>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
>> </Realm>
>> </Realm>
>>
>> 2) Generated password using:
>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler
>> -i 1 -s 0 password1234
>>
>> I also tried :
>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler
>> -i 1 -s 0 tomcat:UserDatabase:password1234
>>
>> 3) Set the last part of password following "password1234:" in
>> tomcat-users.xml
>> <role rolename="manager-gui"/>
>> <role rolename="admin"/>
>> <role rolename="manager"/>
>> <user username="tomcat" password="b9c950640e1b3740e98a
>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
>> roles="manager-gui,admin,manager"/>
>>
>> 4) Edit /webapps/manager/WEB-INF/web.xml
>>
>> <login-config>
>> <auth-method>DIGEST</auth-method>
>> <realm-name>UserDatabase</realm-name>
>> </login-config>
>>
>> I then try to login to http://localhost:8080/manager/html and enter
>> admin and password1234
>> it fails.
>>
>> There must be something I am missing.
>>
>> Sorry if I misread some documentation or if my question is stupid, these
>> are the docs I have seen:
>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
>> ndler.html#MessageDigestCredentialHandler Note the start of this part is
>> not that clear for me. I think my format is
>> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
>> code and a hex encoded credential, each separated by $
>>
>> I have also tried solutions described here without success:
>> - http://www.techpaste.com/2013/05/enable-password-encryption-
>> policy-tomcat-7/
>> - https://stackoverflow.com/questions/39967289/how-to-use-dige
>> st-authentication-in-tomcat-8-5
>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi
>> th-manager-webapp
>>
>> Regards
>> Philippe
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.
> Ubik-Ingénierie
>
> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
>
> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
>
>
--
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie
UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
Re: Configuring DIGEST auth for manager
Posted by Philippe Mouawad <p....@ubik-ingenierie.com>.
Hello,
Any feedback on this ?
Thanks
On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:
> Hello,
> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> application.
>
> I have done the following:
>
> 1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm. -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="*UserDatabase*">
> <CredentialHandler className="org.apache.catalina
> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" />
> </Realm>
> </Realm>
>
> 2) Generated password using:
> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 password1234
>
> I also tried :
> ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler
> -i 1 -s 0 tomcat:UserDatabase:password1234
>
> 3) Set the last part of password following "password1234:" in
> tomcat-users.xml
> <role rolename="manager-gui"/>
> <role rolename="admin"/>
> <role rolename="manager"/>
> <user username="tomcat" password="b9c950640e1b3740e98a
> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
> roles="manager-gui,admin,manager"/>
>
> 4) Edit /webapps/manager/WEB-INF/web.xml
>
> <login-config>
> <auth-method>DIGEST</auth-method>
> <realm-name>UserDatabase</realm-name>
> </login-config>
>
> I then try to login to http://localhost:8080/manager/html and enter admin
> and password1234
> it fails.
>
> There must be something I am missing.
>
> Sorry if I misread some documentation or if my question is stupid, these
> are the docs I have seen:
> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha
> ndler.html#MessageDigestCredentialHandler Note the start of this part is
> not that clear for me. I think my format is
> *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
> code and a hex encoded credential, each separated by $
>
> I have also tried solutions described here without success:
> - http://www.techpaste.com/2013/05/enable-password-encryption-
> policy-tomcat-7/
> - https://stackoverflow.com/questions/39967289/how-to-use-dige
> st-authentication-in-tomcat-8-5
> - https://stackoverflow.com/questions/2978884/tomcat-digest-
> with-manager-webapp
>
> Regards
> Philippe
>
--
Cordialement.
Philippe Mouawad.
Ubik-Ingénierie
UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>