Hi Sean

Quoting Sean K <[email protected]>:

> Hi Christian,
>
> Thank you for looking at my password issue.
>
> A question for your above statement. I assume that I can trigger the
> master password change from the GUI and change it again after I "hack" in
> by changing the masterpw.digest and logging in as "root" with password
> "geoserver" encrypted.
>
> Is that correct?

Never tried this procedure based on a hacked masterpw.digest. Make a backup of your <GEOSERVER_DATA_DIR>/security directory and try a master password change. If you can log in as root with your new password, the procedure was successful.

Christian

> On Mon, Feb 11, 2013 at 4:27 AM, <[email protected]> wrote:
>
>> Hi Sean
>>
>> Replacing the content of masterpw.digest directly is dangerous. The master
>> password is also used to encrypt/decrypt the key store geoserver.jceks and
>> is stored encrypted in security/masterpw/default/passwd (default master
>> password provider). The masterpw.digest is used to avoid fetching the
>> master password into memory for a root login.
>>
>> If you want to change the master password, you have to trigger a master
>> password change from the GUI to keep things consistent.
>>
>> Christian
>>
>> Quoting Sean K <[email protected]>:
>>
>>> I figured out a way around this.
>>>
>>> I replaced the contents of masterpw.digest with the encrypted "geoserver"
>>>
>>> digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd
>>>
>>> Then, I was able to log in as root.
>>>
>>> Then I manually created another user and added that user to the
>>> ADMIN group so that it can have the same privileges as root.
>>>
>>> Then I packaged up all those files along with the other subdirs in the
>>> security dir for others to use in my group.
>>>
>>> On Thu, Feb 7, 2013 at 10:22 AM, Sean K <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I've been reading the 2.2.4 manual about authentication and security for
>>>> the master or root account.
>>>>
>>>> And since the security or authentication has been re-engineered as of 2.2
>>>> (and we were using 2.1.1), the way we were using geoserver needs to
>>>> change.
>>>>
>>>> In 2.1.1, since the password was not being encrypted, our geoserver had
>>>> been customized at the GeoServerUserDao level, we injected a password
>>>> encoder bean into this and encrypted the password using the Spring
>>>> encoder.
>>>>
>>>> Now looking at 2.2.4, I see that a lot of things have changed.
>>>>
>>>> There are two things that we need:
>>>>
>>>> 1.) we need to create or use a ROLE_ADMINISTRATOR with a name other
>>>> than "root" -- for example, "myappadmin"
>>>>
>>>> 2.) we need to keep the password encrypted on the hard drive -- we don't
>>>> need LDAP or other external systems. Since I see that encrypted
>>>> passwords are not supported in 2.2.4, I figure this should be easier.
>>>>
>>>> If I want to zip up the entire geoserver web app with all these
>>>> changes, what are my best approaches? (I figure that I could change the
>>>> source code again or the spring context files but I think I would prefer
>>>> to avoid that to avoid future upgrade issues.)
>>>>
>>>> I tried to use the users.properties with content that looks like this:
>>>>
>>>> myappadmin=digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd,ROLE_ADMINISTRATOR,enabled
>>>>
>>>> And I restarted my geoserver, but that did not work.
>>>>
>>>> Any guidance or suggestions would be appreciated.
>>>>
>>>> --
>>>> Sean
>>>
>>> --
>>> Sean
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>
> --
> Sean
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
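The backup-and-check step Christian describes, as an added example that is not part of the original thread and is not GeoServer code. It assumes masterpw.digest and geoserver.jceks sit directly under the security directory and that a master password change made from the GUI rewrites all three files; the function names are made up for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Files the thread ties to the master password. The passwd path is quoted in
# the thread; placing the other two directly under security/ is an assumption.
TRACKED = ("masterpw.digest", "geoserver.jceks", "masterpw/default/passwd")


def snapshot(security_dir):
    """Return {relative path: SHA-256 hex, or None if the file is missing}."""
    def digest(path):
        return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
    return {rel: digest(Path(security_dir) / rel) for rel in TRACKED}


def backup(security_dir, backup_dir):
    """Copy the whole security directory and confirm the tracked files match."""
    shutil.copytree(security_dir, backup_dir)
    if snapshot(security_dir) != snapshot(backup_dir):
        raise RuntimeError("backup does not match the live security directory")
    return snapshot(backup_dir)


def classify(before, after):
    """Compare two snapshots and describe what kind of change happened."""
    missing = [rel for rel in TRACKED if after[rel] is None]
    if missing:
        return "incomplete: missing " + ", ".join(missing)
    changed = {rel for rel in TRACKED if before[rel] != after[rel]}
    if not changed:
        return "unchanged"
    if changed == set(TRACKED):
        return "consistent: digest, key store and passwd all rewritten"
    # A hand-edited masterpw.digest lands here: the key store and passwd file
    # are still tied to the old master password.
    return "inconsistent: only " + ", ".join(sorted(changed)) + " changed"


if __name__ == "__main__":
    # Constructed demo data: a fake security directory with placeholder contents.
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "security"
        (live / "masterpw" / "default").mkdir(parents=True)
        for rel in TRACKED:
            (live / rel).write_bytes(b"old " + rel.encode())
        before = backup(live, Path(tmp) / "security.bak")
        (live / "masterpw.digest").write_bytes(b"hand-edited digest")
        print(classify(before, snapshot(live)))
```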
