-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Philippe,
On 11/8/17 4:19 PM, Philippe Mouawad wrote: > Any feedback on this ? Yep. Two days ago. - -chris > On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad < > p.moua...@ubik-ingenierie.com> wrote: > >> Hello, I am having issues making Digest auth work in Tomcat >> 8.5.23 for manager application. >> >> I have done the following: >> >> 1) Edit server.xml and have set MessageDigestCredentialHandler >> with SHA-256 <Realm >> className="org.apache.catalina.realm.LockOutRealm"> <!-- This >> Realm uses the UserDatabase configured in the global JNDI >> resources under the key "UserDatabase". Any edits that are >> performed against this UserDatabase are immediately available for >> use by the Realm. --> <Realm >> className="org.apache.catalina.realm.UserDatabaseRealm" >> resourceName="*UserDatabase*"> <CredentialHandler >> className="org.apache.catalina >> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" /> >> </Realm> </Realm> >> >> 2) Generated password using: ./digest.sh -a *SHA-256* -h >> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s >> 0 password1234 >> >> I also tried : ./digest.sh -a SHA-256 -h >> org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s >> 0 tomcat:UserDatabase:password1234 >> >> 3) Set the last part of password following "password1234:" in >> tomcat-users.xml <role rolename="manager-gui"/> <role >> rolename="admin"/> <role rolename="manager"/> <user >> username="tomcat" password="b9c950640e1b3740e98a >> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3" >> roles="manager-gui,admin,manager"/> >> >> 4) Edit /webapps/manager/WEB-INF/web.xml >> >> <login-config> <auth-method>DIGEST</auth-method> >> <realm-name>UserDatabase</realm-name> </login-config> >> >> I then try to login to http://localhost:8080/manager/html and >> enter admin and password1234 it fails. >> >> There must be something I am missing. >> >> Sorry if I misread some documentation or if my question is >> stupid, these are the docs I have seen: - >> https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha >> ndler.html#MessageDigestCredentialHandler Note the start of this >> part is not that clear for me. I think my format is >> *salt$iterationCount$encodedCredential* - a hex encoded salt, >> iteration code and a hex encoded credential, each separated by $ >> >> I have also tried solutions described here without success: - >> http://www.techpaste.com/2013/05/enable-password-encryption- >> policy-tomcat-7/ - >> https://stackoverflow.com/questions/39967289/how-to-use-dige >> st-authentication-in-tomcat-8-5 - >> https://stackoverflow.com/questions/2978884/tomcat-digest- >> with-manager-webapp >> >> Regards Philippe >> > > > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloEfAQdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFhNJA/+LXoZeXKxpxyPG4KX +Yx5HDJfdkWf+EzMhl7ezmxCgr6HbR/yfaHJdtnWFA96RotU4Pc6Hmw/WA2gy37o Ppo0ElE9W0JuR9R6oDerg6ZOjTE5laUsoYhiQ2shbxchWe6/1N6Tv28MUMdLkahX BNDoqShn1It3UVTHtJvUk5J1Jzh/xu/RNYFLwGmu8n/Cf40w6pGWF5HwW+Dz2VpK HpbnR2JX+i0Cw2NNTDI8F+m4lJpsRyLBm2hoj7eYEgsjNncjSIpmd08dpJFZTZRb Eby7M0kpMwFR+gAwq6nMh5LTYi5OXqp2UqgRRfay2w3jpio/MONQS25R3noO2BtN eeRQetAdMmkehJLJck4D/gD4ccJ4PZ22esIjVj1XC3YrBI2hCn7T5bVjQEHBQsqO fBkkPf56xHrs2pPo7AbG4h9k8WHw03HczikKIVGiYdxCdlefzKVm7xuYoZH6ibD7 zOsnebKYajesp6lnuLOluIA7VGdGJDZ8lob4fmrCAlDivcNsBR0gDl4sC7SOOiN0 kbCiPklMnrIEYDtJv4wzMdUJbX10rD9ig7qz5wGkAp6Ueu8RqRK3MNQ51d2mcwKR KpTeKtC7NxaMocCtpvuVZ6d4OLuAIghxM00pLsIcrrDsaf2MJ8vJXJ3w22bbrwPu hMmV35bf9fC99FmEmzDv+56FJ8s= =0qve -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org