Hi Sean

Replacing the content of masterpw.digest directly is dangerous. The  
master password is also used to encrypt/decrypt the key store  
geoserver.jceks and is stored encrypted in  
security/masterpw/default/passwd (default master password provider).  
The masterpw.digest is used to avoid fetching the master password into  
memory for a root login.

If you want to change the master password, you have to trigger a  
master password change from the GUI to keep things consistent.

Christian

Quoting Sean K <sk92...@gmail.com>:

> I figured out a way around this.
>
> I replaced the contents of masterpw.digest with the encrypted "geoserver"
>
> digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd
>
> Then, I was able to log in as root.
>
> Then I manually created another user and added that user to the
> ADMIN group so that it can have the same privileges as root.
>
> Then I packaged up all those files along with the other subdirs in the
> security dir for others to use in my group.
>
>
>
>
> On Thu, Feb 7, 2013 at 10:22 AM, Sean K <sk92...@gmail.com> wrote:
>
>> Hi,
>>
>> I've been reading the 2.2.4 manual about authentication and security for
>> the master or root account.
>>
>> And since the security or authentication has been re-engineered as of 2.2
>> (and we were using 2.1.1), the way we were using geoserver needs to change.
>>
>> In 2.1.1, since the password was not being encrypted, our geoserver had
>> been customized at the GeoServerUserDao level, we injected a password
>> encoder bean into this and encrypted the password using the Spring encoder.
>>
>> Now looking at 2.2.4, I see that a lot of things have changed.
>>
>> There are two things that we need:
>>
>> 1.) we need to create or use a ROLE_ADMINISTRATOR with a name other
>> than "root"  -- for example, "myappadmin"
>>
>> 2.) we need to keep the password encrypted on the hard drive -- we don't
>> need LDAP or other external systems.      Since I see that encrypted
>> passwords are not supported in 2.2.4, I figure this should be easier.
>>
>> If I want to zip up the entire geoserver web app with the all these
>> changes, what are my best approaches?  (I figure that I could change the
>> source code again or the spring context files but I think I would prefer to
>> avoid that to avoid future upgrade issues.)
>>
>> I tried to use the users.properties  with content that looks like this:
>>
>>
>> myappadmin=digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd,ROLE_ADMINISTRATOR,enabled
>>
>> And I restarted my geoserver, but that did not work.
>>
>> Any guidance or suggestions would be appreciated.
>>
>> --
>> Sean
>>
>
>
>
> --
> Sean
>



_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
