Hello, I confirm I didn't receive Christopher answer (it seems I am not alone, so maybe there was an issue): http://mail-archives.us.apache.org/mod_mbox/tomcat-users/201711.mbox/%3c2339f4d3-91fd-3be2-dd18-26e0f6262...@christopherschultz.net%3e
Anyway, now I read it, thank you Christopher ! Regards On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <ma...@apache.org> wrote: > On 07/12/17 21:24, Philippe Mouawad wrote: > > Hello, > > Last ping hoping to get some help. > > If you aren't going to read the replies Chris has already given you to > your original question and your subsequent ping there isn't much more we > can do to help you. > > Mark > > > > > > Thanks > > > > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad < > > p.moua...@ubik-ingenierie.com> wrote: > > > >> Hello, > >> Any feedback on this ? > >> Thanks > >> > >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad < > >> p.moua...@ubik-ingenierie.com> wrote: > >> > >>> Hello, > >>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager > >>> application. > >>> > >>> I have done the following: > >>> > >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with > >>> SHA-256 > >>> <Realm className="org.apache.catalina.realm.LockOutRealm"> > >>> <!-- This Realm uses the UserDatabase configured in the global > >>> JNDI > >>> resources under the key "UserDatabase". Any edits > >>> that are performed against this UserDatabase are > immediately > >>> available for use by the Realm. --> > >>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > >>> resourceName="*UserDatabase*"> > >>> <CredentialHandler className="org.apache.catalina > >>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" /> > >>> </Realm> > >>> </Realm> > >>> > >>> 2) Generated password using: > >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm. > MessageDigestCredentialHandler > >>> -i 1 -s 0 password1234 > >>> > >>> I also tried : > >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm. > MessageDigestCredentialHandler > >>> -i 1 -s 0 tomcat:UserDatabase:password1234 > >>> > >>> 3) Set the last part of password following "password1234:" in > >>> tomcat-users.xml > >>> <role rolename="manager-gui"/> > >>> <role rolename="admin"/> > >>> <role rolename="manager"/> > >>> <user username="tomcat" password="b9c950640e1b3740e98a > >>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3" > >>> roles="manager-gui,admin,manager"/> > >>> > >>> 4) Edit /webapps/manager/WEB-INF/web.xml > >>> > >>> <login-config> > >>> <auth-method>DIGEST</auth-method> > >>> <realm-name>UserDatabase</realm-name> > >>> </login-config> > >>> > >>> I then try to login to http://localhost:8080/manager/html and enter > >>> admin and password1234 > >>> it fails. > >>> > >>> There must be something I am missing. > >>> > >>> Sorry if I misread some documentation or if my question is stupid, > these > >>> are the docs I have seen: > >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha > >>> ndler.html#MessageDigestCredentialHandler Note the start of this part > is > >>> not that clear for me. I think my format is > >>> *salt$iterationCount$encodedCredential* - a hex encoded salt, > iteration > >>> code and a hex encoded credential, each separated by $ > >>> > >>> I have also tried solutions described here without success: > >>> - http://www.techpaste.com/2013/05/enable-password-encryption- > >>> policy-tomcat-7/ > >>> - https://stackoverflow.com/questions/39967289/how-to-use-dige > >>> st-authentication-in-tomcat-8-5 > >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi > >>> th-manager-webapp > >>> > >>> Regards > >>> Philippe > >>> > >> > >> > >> > >> -- > >> Cordialement. > >> Philippe Mouawad. > >> Ubik-Ingénierie > >> > >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/> > >> > >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack> > >> > >> > > > > > > -- Cordialement. Philippe Mouawad. Ubik-Ingénierie UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>