I believe that GeoNode is setting up its own user/role source when
integrating with GeoServer,
so it may be that changing the GS config files does nothing.
Mind, this is just a hunch, there's a good chance I'm wrong here
Cheers
Andrea
On Thu, Oct 2, 2014 at 10:13 AM, Christian Mueller <
[email protected]> wrote:
> Hi Lubomir
>
> Quite strange. Please can you check if the value of
>
> password="crypt1:Z22ZwbZyJpL3kt3rZrM3PmY38jsMFYdx"
>
> changes if you change the password of the admin user. (Note, the value
> change is independent of a password change because we use a salt. Saving
> the password "geoserver" two times will result into two different values).
>
>
> Next, you can switch to the plain text password encoder (you have to
> change the settings in the default user/group service). Change the
> password and you should see the result in plain text
>
> password="plain:mynewpasswordf"
>
> I think this is the best way to resolve the problem. (After resolving,
> switch back to the digest encoder).
>
>
> Cheers
> Christian
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Oct 2, 2014 at 9:52 AM, Lubomir Filipov <[email protected]>
> wrote:
>
>> Hi Christian,
>> thanks for taking the time to reply.
>> This is the file you are referring to. We tried to disable the default
>> admin user, but still we can login with the default password (and the
>> geonode password as well). Geoserver version is 2.4 (the snapshot, used for
>> Geonode 2.0). We tried with geoserver 2.5, but the result is the same. We
>> tried on Ubuntu 12.4/12.5 and Debian, but the result is the same. We follow
>> step by step the instruction of the geonode site.
>>
>> [image: Inline image 1]
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <userRegistry version="1.0" xmlns="
>> http://www.geoserver.org/security/users";>
>> <users>
>> <user enabled="true" name="admin"
>> password="crypt1:Z22ZwbZyJpL3kt3rZrM3PmY38jsMFYdx"/>
>> </users>
>> <groups/>
>> </userRegistry>
>>
>> We have made a detail movie of what/how we configure the system.
>>
>> https://drive.google.com/file/d/0B2oRsQyYjsqyMnRFQnN5Vy1vS2c/edit?usp=sharing
>>
>> I will appreciate any ideas and suggestions.
>>
>> My very best,
>>
>> Lubo.
>>
>> Lubomir Filipov
>>
>> 48 Evlogi Georgiev Blvd,
>> 1504 Sofia, Bulgaria
>> e-mail: [email protected]
>> cell phone: (+359) 888 972277
>> fax: (+359) 2 4916469
>> * <+359)%202%204916469>*skype name: fipeto
>> http://www.linkedin.com/in/lubomirfilipov
>> http://www.facebook.com/GAPconsult.bg
>>
>> On Wed, Oct 1, 2014 at 12:03 PM, Christian Mueller <
>> [email protected]> wrote:
>>
>>> Hi Lubomir
>>>
>>> I assume you are talking about the password of the admin user.
>>>
>>> Please take a look into
>>>
>>> security/usergroup/default/users.xml
>>>
>>> There is an XML element called <user> with attributes name and
>>> password. What do you see ?
>>>
>>> Cheers
>>> Christian
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Sep 30, 2014 at 8:37 PM, Lubomir Filipov <
>>> [email protected]> wrote:
>>>
>>>> Hello all,
>>>> we are running to a security problem using Geonode 2.0 and the default
>>>> version of geoserver (part of the geonode instalation), which is 2.4.
>>>> The issues is place also on:
>>>> https://github.com/GeoNode/geoserver-geonode-ext/issues/15 from
>>>> January 2014.
>>>> The issue is that we cannot change the default password of geoserver
>>>> (it allows change, but it keeps the old password as well).
>>>> Anyone running similar issue?
>>>> Thanks a lot in advance.
>>>>
>>>>
>>>> Lubomir Filipov
>>>>
>>>> 48 Evlogi Georgiev Blvd,
>>>> 1504 Sofia, Bulgaria
>>>> e-mail: [email protected]
>>>> cell phone: (+359) 888 972277
>>>> fax: (+359) 2 4916469
>>>> * <+359)%202%204916469>*skype name: fipeto
>>>> http://www.linkedin.com/in/lubomirfilipov
>>>> http://www.facebook.com/GAPconsult.bg
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>>>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
>>>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>>>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>>>>
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> Geoserver-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>>
>>>>
>>>
>>>
>>> --
>>> DI Christian Mueller MSc (GIS), MSc (IT-Security)
>>> OSS Open Source Solutions GmbH
>>>
>>>
>>
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
