Hi Philippe- I'm new to the list, and didn't see the previous response either, but I just did this recently do a similar config so I might have some guidance.
Where you have algorithm="*SHA-256*", for digest.sh too, you shouldn't need the asterisks. Why are you using those? > Set the last part of password following "password1234:" in This should also include the iterations. It should be something like: $1$b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3 Good luck! Robert On Fri, Dec 8, 2017 at 12:59 AM, Philippe Mouawad < p.moua...@ubik-ingenierie.com> wrote: > > Hi Mark, > Sorry but I didn't receive the reply otherwise I wouldn't be asking again. > I'll see the archives then. > > Thanks > Regards > > On Fri, Dec 8, 2017 at 9:20 AM, Mark Thomas <ma...@apache.org> wrote: > > > On 07/12/17 21:24, Philippe Mouawad wrote: > > > Hello, > > > Last ping hoping to get some help. > > > > If you aren't going to read the replies Chris has already given you to > > your original question and your subsequent ping there isn't much more we > > can do to help you. > > > > Mark > > > > > > > > > > Thanks > > > > > > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad < > > > p.moua...@ubik-ingenierie.com> wrote: > > > > > >> Hello, > > >> Any feedback on this ? > > >> Thanks > > >> > > >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad < > > >> p.moua...@ubik-ingenierie.com> wrote: > > >> > > >>> Hello, > > >>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager > > >>> application. > > >>> > > >>> I have done the following: > > >>> > > >>> 1) Edit server.xml and have set MessageDigestCredentialHandler with > > >>> SHA-256 > > >>> <Realm className="org.apache.catalina.realm.LockOutRealm"> > > >>> <!-- This Realm uses the UserDatabase configured in the global > > >>> JNDI > > >>> resources under the key "UserDatabase". Any edits > > >>> that are performed against this UserDatabase are > > immediately > > >>> available for use by the Realm. --> > > >>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > > >>> resourceName="*UserDatabase*"> > > >>> <CredentialHandler className="org.apache.catalina > > >>> .realm.MessageDigestCredentialHandler" algorithm="*SHA-256*" /> > > >>> </Realm> > > >>> </Realm> > > >>> > > >>> 2) Generated password using: > > >>> ./digest.sh -a *SHA-256* -h org.apache.catalina.realm. > > MessageDigestCredentialHandler > > >>> -i 1 -s 0 password1234 > > >>> > > >>> I also tried : > > >>> ./digest.sh -a SHA-256 -h org.apache.catalina.realm. > > MessageDigestCredentialHandler > > >>> -i 1 -s 0 tomcat:UserDatabase:password1234 > > >>> > > >>> 3) Set the last part of password following "password1234:" in > > >>> tomcat-users.xml > > >>> <role rolename="manager-gui"/> > > >>> <role rolename="admin"/> > > >>> <role rolename="manager"/> > > >>> <user username="tomcat" password="b9c950640e1b3740e98a > > >>> cb93e669c65766f6670dd1609ba91ff41052ba48c6f3" > > >>> roles="manager-gui,admin,manager"/> > > >>> > > >>> 4) Edit /webapps/manager/WEB-INF/web.xml > > >>> > > >>> <login-config> > > >>> <auth-method>DIGEST</auth-method> > > >>> <realm-name>UserDatabase</realm-name> > > >>> </login-config> > > >>> > > >>> I then try to login to http://localhost:8080/manager/html and enter > > >>> admin and password1234 > > >>> it fails. > > >>> > > >>> There must be something I am missing. > > >>> > > >>> Sorry if I misread some documentation or if my question is stupid, > > these > > >>> are the docs I have seen: > > >>> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialha > > >>> ndler.html#MessageDigestCredentialHandler Note the start of this part > > is > > >>> not that clear for me. I think my format is > > >>> *salt$iterationCount$encodedCredential* - a hex encoded salt, > > iteration > > >>> code and a hex encoded credential, each separated by $ > > >>> > > >>> I have also tried solutions described here without success: > > >>> - http://www.techpaste.com/2013/05/enable-password-encryption- > > >>> policy-tomcat-7/ > > >>> - https://stackoverflow.com/questions/39967289/how-to-use-dige > > >>> st-authentication-in-tomcat-8-5 > > >>> - https://stackoverflow.com/questions/2978884/tomcat-digest-wi > > >>> th-manager-webapp > > >>> > > >>> Regards > > >>> Philippe > > >>> > > >> > > >> > > >> > > >> -- > > >> Cordialement. > > >> Philippe Mouawad. > > >> Ubik-Ingénierie > > >> > > >> UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/> > > >> > > >> UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack> > > >> > > >> > > > > > > > > > > > > > -- > Cordialement. > Philippe Mouawad. > Ubik-Ingénierie > > UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/> > > UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
