This is a long prelude to a simple answer, but please bear with me. In 1.1, all passwords were stored in clear text. The thinking was that nobody would use the default user provider. It was just meant to demonstrate how a real user provider would work. Realizing that people really do want to use this provider, even in production, I made a change in 1.2 that stored passwords as a salted md5 hash.
Digest auth does not work without the ability to compare the credentials provided at runtime with a stored clear text password. Hashing passwords therefore disabled digest auth for most users. The one exception to this is the "system account". This user/password combination is set in config.properties (see org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass), and has a clear text password that is stored in memory, never on disk. The system account can therefore use digest auth, but can not log in via the UI. All other accounts can log in via the UI, but not via digest auth. The result is a far more secure Matterhorn 1.2, and apparently some out of date documentation. So you can keep using those curl commands, just change the user/password that you've chosen from admin:opencast to the system account user:pass that you've set in config.properties. Hope that helps, Josh On Sep 22, 2011, at 3:17 AM, Pawel Fic wrote: > Hi, > I do not want to force an open door. > > Reffering to article: > http://opencast.jira.com/wiki/display/MH/Remote+Services > With MH 1.1. I used: > > curl -I -H "X-Requested-Auth: Digest" --digest -uadmin:opencast URL > > worked well with 1.1. > With 1.2. it fails with HTTP/1.1 401 Incorrect response. > > I am trying two requests: > curl -I -H "X-Requested-Auth: Digest" --digest -uadmin:opencast > http://mhserver:8080/welcome.html > > and: > curl -H "X-Requested-Auth: Digest" --digest -uadmin:opencast > http://mhserver:8080/info/me.json > > > and getting: > For MH1.1: > welcome.html > > For MH1.2: > HTTP/1.1 401 Full authentication is required to access this resource > HTTP/1.1 401 Incorrect response > > > and: > For MH1.1: > {"username":"admin","roles":["ROLE_ADMIN","ROLE_USER"]} > > > For MH1.2: > {"username":"mh_anonymous","roles":["anonymous"],"org":{"id":"mh_default_org","anonymousRole":"anonymous","name":"Opencast > > Project","adminRole":"ROLE_ADMIN","properties":{"logo_small":"\/img\/OpencastLogo.png","logo_large":"\/img\/MatterhornLogo_large.png"}}} > > > -- > This must be something obvious about $FELIX/conf/security.xml or > $FELIX/conf/security/mh_default_org.xml > > > -Pawel > > > > _______________________________________________ > Matterhorn mailing list > [email protected] > http://lists.opencastproject.org/mailman/listinfo/matterhorn > > > To unsubscribe please email > [email protected] > _______________________________________________ _______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
