Hello Christopher Schultz,
on Wednesday, 16 November 2022 at 04:17 you wrote:
> You should double-check the definition of "compliant to CIS
> benchmark spec" because there is no way in hell that HTTP DIGEST is
> required.[...]
The spec doesn't tell me exactly to use auth-method DIGEST, bu
Hello Christopher Schultz,
on Wednesday, 16 November 2022 at 04:00 you wrote:
> Thorsten, what makes you say "it doesn't work" and "LockoutRealm
> ignores any credential handler"? When you say "it doesn't work"...
> what DOES it do?
IGNORES because it logs a corresponding warning on expli
Thorsten,
On 11/15/22 05:09, Thorsten Schöning wrote:
I have some webapp hosted by Tomcat and need to restrict user access
to some part of that. One additional requirement is that this app
needs to be CIS benchmark compliant and that requires to use
LockOutRealm and restricts to store plain-text
Thorsten,
On 11/15/22 15:29, Thorsten Schöning wrote:
Hello Mark Thomas,
on Tuesday, 15 November 2022 at 20:44 you wrote:
Assuming digesting passwords with one round of MD5 and no salt
isn't acceptable (I'd be surprised if it was) then you are probably
looking at HTTPS + BASIC + PBKD
Rémy and Thorsten,
On 11/15/22 06:59, Rémy Maucherat wrote:
On Tue, Nov 15, 2022 at 11:11 AM Thorsten Schöning
wrote:
Hi everyone,
I have some webapp hosted by Tomcat and need to restrict user access
to some part of that. One additional requirement is that this app
needs to be CIS benchmark
Angela,
On 11/14/22 11:56, Cantor, Angela T. wrote:
We just upgraded OpenJDK from 17.0.4.0.8-2.el8_6 to the above version. Now
tomcat won't listen on the desired port. Something is wonky with it accessing
the keystore. If you all see anything obvious, could you please advise?
Especially i
Ram,
On 11/13/22 22:10, thulasiram k wrote:
I have deleted the old certs so only new certs are in the key store.
This is probably your problem.
Your keystore needs to contain (at least) the server certificate AND ITS
key in the keystore.
If your keystore contains only certs and no keys, you
Hello Mark Thomas,
on Tuesday, 15 November 2022 at 20:44 you wrote:
> Assuming digesting passwords with one round of MD5 and no salt
> isn't acceptable (I'd be surprised if it was) then you are probably
> looking at HTTPS + BASIC + PBKDF2WithHmacSHA512.
Thanks for that clarification, it
Sorry, you are correct. There is no way to use PBKDF2WithHmacSHA512 in a
Realm along with HTTP DIGEST auth.
If you want to use HTTP DIGEST auth and digested passwords on the server
you have to use, quoting the Tomcat docs, "one iteration of the MD5
algorithm with no salt".
RFC 7616 has added
Hello Mark Thomas,
on Tuesday, 15 November 2022 at 18:36 you wrote:
> Please go and read my email - and the links I provided - again.
I did, so feel free to tell me how I tell my browser to use my
plain-text password as PBKDF2WithHmacSHA512 digest with 10
iterations, a key length of
On 11/15/22 9:50 AM, Mark Thomas wrote:
. . .
Is this from Tomcat, or is it from something else?
Lots of guess work here.
I think, something else.
. . .
It *is* from something else. I'd completely forgotten that on that
particular box, Tomcat was behind Apache HTTPD, and the relevant .conf
On 14/11/2022 11:22, Umesh Raikwar wrote:
... context path /product ...
loaderClass="org.apache.catalina.loader.ParallelWebappClassLoader"
delegate="true"/>
and tried to access URL: locahost:8080/Product/test.html which returned
404.
My question:
Is nested c
On 15/11/2022 17:41, James H. H. Lampert wrote:
We have Tomcat running on an AWS EC2 linux box.
I can get into manager from the office IP address, with the usual prompt
for user and password, but the boss, working from home, gets "You don't
have permission to access this resource."
Is this f
We have Tomcat running on an AWS EC2 linux box.
I can get into manager from the office IP address, with the usual prompt
for user and password, but the boss, working from home, gets "You don't
have permission to access this resource."
Is this from Tomcat, or is it from something else?
Lookin
On 15/11/2022 17:07, Thorsten Schöning wrote:
Hello Mark Thomas,
on Tuesday, 15 November 2022 at 12:51 you wrote:
In short, the digested value you save as the user credential is one
of the inputs the client uses when calculating the value to use in
the authorization header.[...]
My
Hello Rémy Maucherat,
on Tuesday, 15 November 2022 at 12:59 you wrote:
> Maybe NestedCredentialHandler could be used to construct a
> CredentialHandler that could be useful to the application, but this
> needs more thought.
That wouldn't change anything, as that handler would be ignored
Hello Mark Thomas,
on Tuesday, 15 November 2022 at 12:51 you wrote:
> In short, the digested value you save as the user credential is one
> of the inputs the client uses when calculating the value to use in
> the authorization header.[...]
My client is a browser and that asks me for pla
On Tue, Nov 15, 2022 at 11:11 AM Thorsten Schöning
wrote:
>
> Hi everyone,
>
> I have some webapp hosted by Tomcat and need to restrict user access
> to some part of that. One additional requirement is that this app
> needs to be CIS benchmark compliant and that requires to use
> LockOutRealm and
On 15/11/2022 10:20, Thorsten Schöning wrote:
So, is it even possible to use SecretKeyCredentialHandler and
auth-method DIGEST together or am I required to use BASIC? If DIGEST
is supported, how does that and credential helper work together
without plain-text password available at the server a
Hi everyone,
I have some webapp hosted by Tomcat and need to restrict user access
to some part of that. One additional requirement is that this app
needs to be CIS benchmark compliant and that requires to not store
plain-text passwords. So consider the following user database and
credential helper
Hi everyone,
I have some webapp hosted by Tomcat and need to restrict user access
to some part of that. One additional requirement is that this app
needs to be CIS benchmark compliant and that requires to use
LockOutRealm and restricts to store plain-text passwords. Therefore,
the ultimate solutio
21 matches