Hi Christian,

Thank you for looking at my password issue.

A question for your above statement. I assume that I can trigger the
master password change from the GUI and change it again after I "hack" in
by changing the masterpw.digest and logging in as "root" with password
"geoserver" encrypted.

Is that correct?
On Mon, Feb 11, 2013 at 4:27 AM, <christian.muel...@nvoe.at> wrote:

> Hi Sean
>
> Replacing the content of masterpw.digest directly is dangerous. The master
> password is also used to encrypt/decrypt the key store geoserver.jceks and
> is stored encrypted in security/masterpw/default/passwd (default master
> password provider). The masterpw.digest is used to avoid fetching the
> master password into memory for a root login.
>
> If you want to change the master password, you have to trigger a master
> password change from the GUI to keep things consistent.
>
> Christian
>
>
> Quote from Sean K <sk92...@gmail.com>:
>
>> I figured out a way around this.
>>
>> I replaced the contents of masterpw.digest with the encrypted "geoserver"
>>
>> digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd
>>
>> Then, I was able to log in as root.
>>
>> Then I manually created another user and added that user to the
>> ADMIN group so that it can have the same privileges as root.
>>
>> Then I packaged up all those files and along with other subdir in the
>> security dir for others to use in my group.
>>
>>
>>
>>
>> On Thu, Feb 7, 2013 at 10:22 AM, Sean K <sk92...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I've been reading the 2.2.4 manual about authentication and security for
>>> the master or root account.
>>>
>>> And since the security or authentication has been re-engineered as of 2.2
>>> (and we were using 2.1.1), the way we were using geoserver needs to
>>> change.
>>>
>>> In 2.1.1, since the password was not being encrypted, our geoserver had
>>> been customized at the GeoServerUserDao level: we injected a password
>>> encoder bean into it and encrypted the password using the Spring
>>> encoder.
>>>
>>> Now looking at 2.2.4, I see that a lot of things have changed.
>>>
>>> There are two things that we need:
>>>
>>> 1.) we need to create or use a ROLE_ADMINISTRATOR with a name other
>>> than "root" -- for example, "myappadmin"
>>>
>>> 2.) we need to keep the password encrypted on the hard drive -- we don't
>>> need LDAP or other external systems. Since I see that encrypted
>>> passwords are not supported in 2.2.4, I figure this should be easier.
>>>
>>> If I want to zip up the entire geoserver web app with all these
>>> changes, what are my best approaches? (I figure that I could change the
>>> source code again or the spring context files, but I think I would prefer
>>> to avoid that to avoid future upgrade issues.)
>>>
>>> I tried to use the users.properties  with content that looks like this:
>>>
>>>
>>> myappadmin=digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd,ROLE_ADMINISTRATOR,enabled
>>>
>>> And I restarted my geoserver, but that did not work.
>>>
>>> Any guidance or suggestions would be appreciated.
>>>
>>> --
>>> Sean
>>>
>>>
>>
>>
>> --
>> Sean
>>
>>
>
>


-- 
Sean
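The exchange above turns on what a "digest1:" value actually is. The following is an added example, not code from the thread or from GeoServer itself; it assumes (unconfirmed by the thread) that GeoServer 2.2's digest1 encoder is jasypt's StrongPasswordEncryptor, i.e. SHA-256 over salt||password re-hashed 100000 times with a random 16-byte salt, stored as Base64(salt||hash). Under that assumption the 64-character digest Sean posted decodes to exactly 16+32 bytes. The point it illustrates is Christian's: masterpw.digest holds only a salted hash that is checked against whatever is typed at root login, so swapping in a digest of a known password grants root without the real master password, while the encrypted copy in security/masterpw/default/passwd and the key store are left untouched and now disagree with it. The function and constant names (encode_digest1, verify_digest1, parse_users_properties_line, THREAD_DIGEST) are this example's own.

```python
"""Build and check GeoServer-style 'digest1:' password digests.

Assumption (not confirmed by the thread): the encoder behaves like jasypt's
StrongPasswordEncryptor: SHA-256(salt || password), re-hashed 100000 times,
16-byte random salt, Base64(salt || hash). Names here are the example's own.
"""
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

PREFIX = "digest1:"
SALT_BYTES = 16        # jasypt StrongPasswordEncryptor salt size (assumed)
DIGEST_BYTES = 32      # SHA-256 output length
ITERATIONS = 100_000   # jasypt StrongPasswordEncryptor iteration count (assumed)

# The digest from the thread, with the mail-client line wrap removed.
THREAD_DIGEST = ("digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxF"
                 "lv0fYtBuTsQDzZcBM4AfZHd")


def _salted_digest(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """jasypt-style digest: hash salt||password once, then re-hash the result
    iterations-1 more times. Returns salt||hash, the layout that gets Base64-encoded."""
    h = hashlib.sha256(salt + password).digest()
    for _ in range(iterations - 1):
        h = hashlib.sha256(h).digest()
    return salt + h


def encode_digest1(password: str, salt: Optional[bytes] = None) -> str:
    """Produce a 'digest1:' string of the kind written to masterpw.digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt per digest, as a real encoder would
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be %d bytes" % SALT_BYTES)
    raw = _salted_digest(password.encode("utf-8"), salt)
    return PREFIX + base64.b64encode(raw).decode("ascii")


def verify_digest1(password: str, stored: str) -> bool:
    """Check a candidate password against a stored 'digest1:' string.

    The salt is recovered from the stored value itself: the file carries no
    secret, only something to compare a typed password against. That is why
    replacing it with the digest of a known password is enough to log in."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    if len(raw) != SALT_BYTES + DIGEST_BYTES:
        return False
    candidate = _salted_digest(password.encode("utf-8"), raw[:SALT_BYTES])
    return hmac.compare_digest(candidate, raw)  # constant-time comparison


def parse_users_properties_line(line: str) -> Tuple[str, str, List[str], bool]:
    """Split one users.properties entry of the form Sean posted,
    name=password,ROLE_A,ROLE_B,enabled, into (name, password, roles, enabled)."""
    name, _, rest = line.strip().partition("=")
    fields = [f.strip() for f in rest.split(",")]
    password, flags = fields[0], fields[1:]
    roles = [f for f in flags if f.startswith("ROLE_")]
    return name.strip(), password, roles, "enabled" in flags


if __name__ == "__main__":
    # Whether this prints True depends on the algorithm assumption above.
    print("thread digest matches 'geoserver':",
          verify_digest1("geoserver", THREAD_DIGEST))
    fresh = encode_digest1("geoserver")
    print("fresh digest verifies:", verify_digest1("geoserver", fresh))
    print("same password, different salt, different string:", fresh != THREAD_DIGEST)
    print(parse_users_properties_line(
        "myappadmin=" + THREAD_DIGEST + ",ROLE_ADMINISTRATOR,enabled"))
```

Running it with the thread's digest reports whether the assumed algorithm reproduces the posted value for "geoserver"; the other checks hold regardless. Note that nothing in this check involves the key store or the encrypted password file, which is exactly the inconsistency a GUI-driven master password change avoids.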
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users