Thank you! This is exactly something I have expected. And thank you for the information. It actually is very useful. The documentation is up to date - it was my bad.
-Pawel

ps Actually I was using appropriate user at the beginning, but I have changed it while testing and assuming (bad) that those two work exactly the same (return value for: info/me.json was the same - but this was my bad.)

--- On Thu, 9/22/11, Josh Holtzman <[email protected]> wrote:

> From: Josh Holtzman <[email protected]>
> Subject: Re: [Opencast Matterhorn] Matterhorn 1.2. CA Authorization
> To: "Opencast Matterhorn" <[email protected]>
> Date: Thursday, September 22, 2011, 3:08 PM
>
> This is a long prelude to a simple answer, but please bear with me.
>
> In 1.1, all passwords were stored in clear text. The thinking was that nobody would use the default user provider. It was just meant to demonstrate how a real user provider would work. Realizing that people really do want to use this provider, even in production, I made a change in 1.2 that stored passwords as a salted md5 hash.
>
> Digest auth does not work without the ability to compare the credentials provided at runtime with a stored clear text password. Hashing passwords therefore disabled digest auth for most users.
>
> The one exception to this is the "system account". This user/password combination is set in config.properties (see org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass), and has a clear text password that is stored in memory, never on disk. The system account can therefore use digest auth, but can not log in via the UI. All other accounts can log in via the UI, but not via digest auth. The result is a far more secure Matterhorn 1.2, and apparently some out of date documentation.
>
> So you can keep using those curl commands, just change the user/password that you've chosen from admin:opencast to the system account user:pass that you've set in config.properties.
>
> Hope that helps,
> Josh
>
> On Sep 22, 2011, at 3:17 AM, Pawel Fic wrote:
>
> > Hi,
> > I do not want to force an open door.
> >
> > Referring to article:
> > http://opencast.jira.com/wiki/display/MH/Remote+Services
> > With MH 1.1. I used:
> >
> > curl -I -H "X-Requested-Auth: Digest" --digest -uadmin:opencast URL
> >
> > worked well with 1.1.
> > With 1.2. it fails with HTTP/1.1 401 Incorrect response.
> >
> > I am trying two requests:
> > curl -I -H "X-Requested-Auth: Digest" --digest -uadmin:opencast http://mhserver:8080/welcome.html
> >
> > and:
> > curl -H "X-Requested-Auth: Digest" --digest -uadmin:opencast http://mhserver:8080/info/me.json
> >
> > and getting:
> > For MH1.1:
> > welcome.html
> >
> > For MH1.2:
> > HTTP/1.1 401 Full authentication is required to access this resource
> > HTTP/1.1 401 Incorrect response
> >
> > and:
> > For MH1.1:
> > {"username":"admin","roles":["ROLE_ADMIN","ROLE_USER"]}
> >
> > For MH1.2:
> > {"username":"mh_anonymous","roles":["anonymous"],"org":{"id":"mh_default_org","anonymousRole":"anonymous","name":"Opencast Project","adminRole":"ROLE_ADMIN","properties":{"logo_small":"\/img\/OpencastLogo.png","logo_large":"\/img\/MatterhornLogo_large.png"}}}
> >
> > --
> > This must be something obvious about $FELIX/conf/security.xml or $FELIX/conf/security/mh_default_org.xml
> >
> > -Pawel

_______________________________________________
Matterhorn mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn

To unsubscribe please email
[email protected]
_______________________________________________
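
The point made in the quoted reply (a server can only check a digest response if it holds the clear-text password), as an added example that is not part of the original thread and is not Matterhorn's code. It computes the RFC 2617 `response` for `qop=auth`; the realm, nonce and cnonce are constructed values, and the `password{salt}` layout of the salted hash is an assumption made for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(secret, user, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 'response' value for qop=auth, derived from the clear-text secret."""
    ha1 = md5_hex(f"{user}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_secret, client_response, **params):
    """Server side: recompute the response from what is stored and compare."""
    expected = digest_response(stored_secret, **params)
    return hmac.compare_digest(expected, client_response)


def demo():
    # Constructed challenge values; only the user, password and URI come from the thread.
    params = dict(user="admin", realm="Constructed Realm", method="GET",
                  uri="/info/me.json", nonce="constructed-nonce",
                  nc="00000001", cnonce="constructed-cnonce")
    # The client derives its response from the clear-text password the user typed.
    client_response = digest_response("opencast", **params)

    clear_text_store = "opencast"                  # 1.1-style storage
    salted_md5_store = md5_hex("opencast{admin}")  # 1.2-style storage (assumed salt layout)

    # The stored hash cannot be turned back into HA1, so the recomputed response differs.
    return (server_verify(clear_text_store, client_response, **params),
            server_verify(salted_md5_store, client_response, **params))


if __name__ == "__main__":
    print(demo())
```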
