Dear list members,

sorry for asking again - can maybe anybody give me a hint? This would be great.

Best regards,
Patric

On 05/07/2014 05:24 PM, Patric Hafner | geOps wrote:
> Dear list members,
>
> I am looking for a way to make automatic changes of the master password
> (aka root password). We deploy GeoServer automatically in our
> infrastructure and since GeoServer 2.4 we have to change the now static
> master password manually after each deploy - this happens quite often.
>
> To make automatic deploys fun again, I tried to figure out how to change
> the master password via CLI tools, but was not successful yet.
>
> These are the current steps:
>
> 1. Create new master password provider
>
> * create folder <data_dir>/security/masterpw/new_provider
> * create file <data_dir>/security/masterpw/new_provider/masterpw.xml
>   with proper content (no encryption activated)
> * create file <data_dir>/security/masterpw/new_provider/passwd
>   containing the new password in plaintext
> * Change default master password provider in
>   <data_dir>/security/masterpw.xml
>
> 2. Change keystore passwd
>
> * keytool -storepasswd -new new_password -keystore geoserver.jceks
>   -storetype JCEKS
>
> 3. Create new masterpw.digest
>
> http://www.jasypt.org/cli.html
>
> * digest.sh algorithm=SHA-256 saltSizeBytes=16 iterations=100000
>   input="new_password"
> * Put the result in masterpw.digest, format: digest1:<new_hash>
>
> 4. Restart GeoServer
>
> After doing this, it seems like GeoServer is not able to open the
> keystore anymore:
>
> org.springframework.beans.factory.BeanCreationException: Error occured
> reading security configuration; nested exception is java.io.IOException:
> Keystore was tampered with, or password was incorrect
>
> So maybe the way the masterpw.digest gets generated is wrong? Base64
> is used in the source code, but encoding the hash has not worked either.
>
> Can anybody maybe give me a hint? This would be great!
>
> [OT]
> In my opinion the static master password is a step backwards in terms of
> security.
> Compared to the risk of the plain text password file with a
> randomly generated password, the static master password is much more
> dangerous. Especially since this fact is not mentioned or even
> highlighted in the current documentation, a lot of users are maybe not
> aware of how important this change is.
> (There is already an issue on this topic: GEOS-6136 [1])
> [/OT]
>
> Best regards,
> Patric
>
>
>
> [1] http://jira.codehaus.org/browse/GEOS-6136
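
Added example, not part of the original message and not GeoServer's or jasypt's own code: a Python sketch that builds and checks a salted, iterated SHA-256 digest with the parameters from step 3, so a deploy script can confirm that a `digest1:` line matches the password it is about to set. It assumes the layout base64(salt || hash) with the salt hashed in front of the NFC-normalised UTF-8 password; the function names are hypothetical, and the thread does not establish that GeoServer accepts a value produced this way.

```python
import base64
import hashlib
import hmac
import os
import unicodedata

SALT_BYTES = 16        # saltSizeBytes from step 3
ITERATIONS = 100_000   # iterations from step 3


def _iterate(salt: bytes, password: str, iterations: int) -> bytes:
    # Assumed scheme: round 1 hashes salt || message, later rounds re-hash the result.
    msg = unicodedata.normalize("NFC", password).encode("utf-8")
    out = hashlib.sha256(salt + msg).digest()
    for _ in range(iterations - 1):
        out = hashlib.sha256(out).digest()
    return out


def make_digest(password, salt=None, iterations=ITERATIONS):
    """Return base64(salt || hash), with the plain salt stored in front."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    return base64.b64encode(salt + _iterate(salt, password, iterations)).decode("ascii")


def verify_digest(password, encoded, salt_bytes=SALT_BYTES, iterations=ITERATIONS):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False
    if len(raw) != salt_bytes + hashlib.sha256().digest_size:
        return False
    salt, stored = raw[:salt_bytes], raw[salt_bytes:]
    return hmac.compare_digest(stored, _iterate(salt, password, iterations))


def check_digest_file_line(password, line):
    """Check a 'digest1:<hash>' line, the file format given in step 3."""
    prefix, sep, encoded = line.strip().partition(":")
    return sep == ":" and prefix == "digest1" and verify_digest(password, encoded)


if __name__ == "__main__":
    candidate = "constructed-example-password"  # constructed sample value
    line = "digest1:" + make_digest(candidate)
    print(line)
    print(check_digest_file_line(candidate, line))
    print(check_digest_file_line(candidate + "x", line))
```

Because the salt is random, two runs give different strings for the same password, so a generated value has to be checked by recomputation with the stored salt rather than by string comparison.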
