Mark,
On 11/18/23 07:52, Mark Thomas wrote:
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256 a
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256 and MD5.
Mark
---
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
Ok thanks.
Got it is now working.
This step was missing.
We didn’t have to do this before.
No mention of having to edit Digest inside context.xml here
https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html
Tried SHA-256, couldn’t get it to work. But MD5 does.
Thanks again.
This e-mail a
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi Chris
Peter,
On 11/16/23 13:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi Chris,
Step 1 & 2 work
Step 3 will not work with
on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
Chris,
Running the debugger, I found out the DigestAuthenticator wants to use SHA-256.
8 months ago there was a change for RFC 7616.
https://u
digest equals the
clientDigest, then it works.
The way I understand it, the clientDigest comes from the client entering in the
username/pwd on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 16:30, Peter Otto wrote:
> With 9.0.82, and the latest version 10, I get the same problem.
> So I assume it stopped working since 9.0.74 all the way up to 9.0.82
>
> Removing the Realm Lock
t see anything in the changelog that seems like it would be
related. Things I suspect are related were in an earlier release.
Are you able to run under a debugger, and are you comfortable doing
that? It's pretty easy to set a breakpoint in the Realm and/or
CredentialHandler to see what's bein
@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
> Logging into manager using MD5 works in 9.0.73 but now fails in
> 9.0.74->current
> Steps to reproduce.
>
> Step 1. Run C:\tomcat\bin> .\digest
c900e0
Step 2. Use the digest # and place it in tomcat-users.xml
Step 3. Edit server.xml and add the CredentialHandler to use MD5
Step 4. Edit the web.xml in manager to say
DIGEST
UserDatabase
Step 5 start tomcat and try to access the manager.
On Windows 2019 server/
tomcat-users.xml
Step 3. Edit server.xml and add the CredentialHandler to use MD5
Step 4. Edit the web.xml in manager to say
DIGEST
UserDatabase
Step 5 start tomcat and try to access the manager.
On Windows 2019 server/Chrome/OpenJDK11 type tomcat for the user
and nobue
ification and for all the help
From: Christopher Schultz
Sent: October 23, 2023, 19:24
To: users@tomcat.apache.org
Subject: Re: CredentialHandler tomcat 7
Chuck,
On 10/22/23 13:55, Chuck Caldarale wrote:
>> On Oct 22, 2023, at 10:02, Усманов Азат Анварович wrote:
Chuck,
On 10/22/23 13:55, Chuck Caldarale wrote:
On Oct 22, 2023, at 10:02, Усманов Азат Анварович wrote:
Hi everyone! I'm trying to use CredentialHandler with tomcat to increase
security since our db at $work still has pwd stored as md5 hashes. Some of our
servers still use tomcat
> On Oct 22, 2023, at 10:02, Усманов Азат Анварович wrote:
>
> Hi everyone! I'm trying to use CredentialHandler with tomcat to increase
> security since our db at $work still has pwd stored as md5 hashes. Some of
> our servers still use tomcat 7.092/ I was looking at
Hi everyone! I'm trying to use CredentialHandler with tomcat to increase
security since our db at $work still has pwd stored as md5 hashes. Some of our
servers still use tomcat 7.092/ I was looking at this presentation by
Christopher Schultz
http://people.apache.org/~schultz/ApacheCon
idn't work, I was only able to login with providing the
DIGEST of tomcat-users.xml as password to the browser, which actually
made it a plain-text password at the server. The following fit as well
to what I recognized:
https://stackoverflow.com/questions/64733766/how-to-get-tomcat-credentia
On Thu, Nov 17, 2022 at 11:22 AM Mark Thomas wrote:
>
> On 17/11/2022 10:07, Rémy Maucherat wrote:
> > On Wed, Nov 16, 2022 at 6:14 PM Christopher Schultz
>
>
>
> >> I guess we could add a configuration option to CombinedRealm:
> >>
> >> inheritCredentialHandler="first|last|numeric-position|
On 17/11/2022 10:07, Rémy Maucherat wrote:
On Wed, Nov 16, 2022 at 6:14 PM Christopher Schultz
I guess we could add a configuration option to CombinedRealm:
inheritCredentialHandler="first|last|numeric-position|false/off/no"
?
Then you'd only have to declare it once and then you have
> >> mean the stuff you drop into an authentication database. It will make
> >> things a lot easier to understand for all parties involved.
> >>
> >>>>
> >>>> ...
> >>>>
> >>>
> >>> Adding that didn't
ser, which actually
made it a plain-text password at the server. The following fit as well
to what I recognized:
https://stackoverflow.com/questions/64733766/how-to-get-tomcat-credentialhandler-inside-java-when-nested-in-lockoutrealm
BUT: I gave things an additional try now and especially after the
di
Hello Christopher Schultz,
on Wednesday, 16 November 2022 at 13:35 you wrote:
> I really don't know why you are seeing that warning. You aren't
> explicitly-setting a CredentialHandler on your LockOutRealm and
> that's the only time this warning should be shown
on database. It will make
> things a lot easier to understand for all parties involved.
>
> >>
> >> ...
> >>
> >
> > Adding that didn't work, I was only able to login with providing the
> > DIGEST of tomcat-users.xml as password to the browser,
ognized:
https://stackoverflow.com/questions/64733766/how-to-get-tomcat-credentialhandler-inside-java-when-nested-in-lockoutrealm
BUT: I gave things an additional try now and especially after the
discussion about auth-method BASIC vs. DIGEST and login DOES work now!
So both the UserDatabase realm
Thorsten,
On 11/16/22 02:28, Thorsten Schöning wrote:
Hello Christopher Schultz,
on Wednesday, 16 November 2022 at 04:00 you wrote:
Thorsten, what makes you say "it doesn't work" and "LockoutRealm
ignores any credential handler"? When you say "it doesn't work"...
what DOES it do?
IGN
to the
browser.
>
> ...
>
Adding that didn't work, I was only able to login with providing the
DIGEST of tomcat-users.xml as password to the browser, which actually
made it a plain-text password at the server. The following fit as well
to what I recognized:
https://stackoverflow.com/q
Hello Christopher Schultz,
on Wednesday, 16 November 2022 at 04:00 you wrote:
> Thorsten, what makes you say "it doesn't work" and "LockoutRealm
> ignores any credential handler"? When you say "it doesn't work"...
> what DOES it do?
IGNORES because it logs a corresponding warning on expli
lm itself anymore as well.
Forget about "digest". It's dead and for good reason.
The only way to fulfill both requirements is to implement a custom
realm.
That should not be true.
Nov 14, 2022 9:03:48 PM org.apache.catalina.realm.CombinedRealm
setCredentialHandler
WARNUNG
, I'm unable to set any
"digest" attribute on the realm itself anymore as well. The only way
to fulfill both requirements is to implement a custom realm.
Nov 14, 2022 9:03:48 PM org.apache.catalina.realm.CombinedRealm
setCredentialHandler
WARNUNG: A CredentialHandler was set o
Hello Rémy Maucherat,
on Tuesday, 15 November 2022 at 12:59 you wrote:
> Maybe NestedCredentialHandler could be used to construct a
> CredentialHandler that could be useful to the application, but this
> needs more thought.
That wouldn't change anything, as that ha
>
> >
>
> But that doesn't work, because LockOutRealm ignores any credential
> handler. Additionally, with my used Tomcat 10, I'm unable to set any
> "digest" attribute on the realm itself anymore as well. The only way
> to fulfill both requireme
ny
"digest" attribute on the realm itself anymore as well. The only way
to fulfill both requirements is to implement a custom realm.
> Nov 14, 2022 9:03:48 PM org.apache.catalina.realm.CombinedRealm
> setCredentialHandler
> WARNUNG: A CredentialHandler was set on an instance of
Stefan,
On 4/27/16 11:16 AM, Stefan Frei wrote:
> Tomcat 8.0.33
>
> I need some help with credentialhandler in datasourceRealm.
>
> I want to achieve an encrypted password, if possible with salt.
>
> Encryption SHA-512 or
Hello
Tomcat 8.0.33
java 8
debian
I need some help with credentialhandler in datasourceRealm.
I want to achieve an encrypted password, if possible with salt.
Encryption SHA-512 or similar.
Is there an example somewhere how to modify the realm, I couldn't find
anything in the docs.
Realm looks
are your requirements? You may not have to manually-configure a
CredentialHandler.
> 1. Firstly how will a CredentialHandler declaration look like ?
> Can someone provide a sample declaration of the
> NestedCredentialHandler with the algorithm attribute declared. I
> need to know since the Diges
I need to use Container Managed Security and Authentication in my latest
project. And I have a couple of queries regarding how to configure a
Credential Handler.
1. Firstly how will a CredentialHandler declaration look like ? Can
someone provide a sample declaration of the