RE: Tomcat 8.5.5 variables

2016-09-25 Thread Chandrashekar H . S
Can be done by setting CATALINA_OPTS and JAVA_OPTS in the bin/setenv.sh file.

-----Original Message-----
From: Linux Support [mailto:ossuppor...@gmail.com] 
Sent: 26 September 2016 10:17
To: Tomcat Users List 
Subject: Tomcat 8.5.5 variables

Hi All,

The environment :

Using CATALINA_BASE:   /apps/TOMCAT/tomcat
Using CATALINA_HOME:   /apps/TOMCAT/tomcat
Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /apps/TOMCAT/tomcat/bin/bootstrap.jar:/apps/TOMCAT/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.5.5
Server built:   Aug 31 2016 19:51:16 UTC
Server number:  8.5.5.0
OS Name:        SunOS
OS Version:     5.11
Architecture:   sparcv9
JVM Version:    1.8.0_92-b14
JVM Vendor:     Oracle Corporation

I need to set up CATALINA_OPTS and JAVA_OPTS for the application to be deployed.
Where do I set them up? Am I to create an environment.sh file in
CATALINA_HOME/bin?

Further, will the catalina.sh start invoke those variables defined?

Cheers
OSP


Tomcat 8.5.5 variables

2016-09-25 Thread Linux Support
Hi All,

The environment :

Using CATALINA_BASE:   /apps/TOMCAT/tomcat
Using CATALINA_HOME:   /apps/TOMCAT/tomcat
Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /apps/TOMCAT/tomcat/bin/bootstrap.jar:/apps/TOMCAT/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.5.5
Server built:   Aug 31 2016 19:51:16 UTC
Server number:  8.5.5.0
OS Name:        SunOS
OS Version:     5.11
Architecture:   sparcv9
JVM Version:    1.8.0_92-b14
JVM Vendor:     Oracle Corporation

I need to set up CATALINA_OPTS and JAVA_OPTS for the application to be
deployed. Where do I set them up? Am I to create an environment.sh file in
CATALINA_HOME/bin?

Further, will the catalina.sh start invoke those variables defined?

Cheers
OSP


Re: Using hashes in tomcat-users.xml

2016-09-25 Thread Paquin, Brian

On Sep 14, 2016, at 5:37 PM, Christopher Schultz wrote:

Brian,

On 9/14/16 3:40 PM, Paquin, Brian wrote:
I was able to set up Tomcat 8.0.35 to use a SHA hashed password in
tomcat-users.xml (trying to secure the Manager app a bit more),
but the same setup does not work on 8.5.5.

Is there something I need to change to get this to work again?

Yes.

server.xml engine:  
   


Command to generate hash that was used as the user’s password in
tomcat-users.xml: /usr/local/tomcat/bin/digest.sh -a SHA
my_password

In 8.5.5, I can login to Manager if I replace the SHA hash with
the plaintext version of the password…

I read through
https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html, but
still can’t get it to work.

Have a look at http://tomcat.apache.org/migration-85.html,
specifically http://tomcat.apache.org/migration-85.html#Internal_APIs

Note that SHA passwords are no better than plaintext passwords. If you
want to *actually* add some security, you need to at least use salted
passwords. Better yet, use a PBKDF.

I tried using the following in server.xml:

  


And then using:
/usr/local/tomcat/bin/digest.sh -a SHA-256 -i 24680 -s 18 secret_password

And got back:
secret_password:9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w91729qfc3786d74ac95223e092faf996500dc532a74905

I then added that to my tomcat-users.xml:


After stopping and starting Tomcat, manager asks for credentials but does not 
accept them.
What have I got wrong?

(I was hoping to use PBKDF2 but it did not appear that digest.sh would accept 
PBKDF2 as an algorithm.)

Brian

You might want to have a look at this presentation:
http://people.apache.org/~schultz/ApacheCon%20NA%202016/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf

-chris

Brian Paquin
Help Desk Support Yale Pathology ITS
---
310 Cedar St. BML B50
New Haven, CT 06520
203-785-3691-office
203-785-2403-fax
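
An added example, not part of the thread and not Tomcat's own code: a checker for the salt$iterations$digest value that digest.sh prints in the message above, which tells a malformed stored value apart from a genuine password mismatch. It assumes the handler hashes the salt followed by the password in round one and re-hashes the previous digest in each later round, with UTF-8 password bytes; all function names are hypothetical.

```python
import hashlib
import hmac
import os


def mutate(password, salt, iterations, algorithm="sha256", encoding="utf-8"):
    """Assumed scheme: round 1 hashes salt + password, later rounds hash the previous digest."""
    digest = hashlib.new(algorithm, salt + password.encode(encoding)).digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(algorithm, digest).digest()
    return digest


def make_credential(password, iterations, salt_len, algorithm="sha256"):
    """Build a salt$iterations$digest string (hex fields) with a fresh random salt."""
    salt = os.urandom(salt_len)
    return "%s$%d$%s" % (salt.hex(), iterations,
                         mutate(password, salt, iterations, algorithm).hex())


def parse_credential(stored):
    """Split a stored credential; raise ValueError if it is not salt$iterations$digest."""
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("expected exactly two '$' separators")
    salt_hex, iter_text, digest_hex = parts
    try:
        salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        raise ValueError("salt or digest is not valid hex")
    iterations = int(iter_text)
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    return salt, iterations, digest


def check(stored, password, algorithm="sha256"):
    """Return (ok, detail) so a mismatch can be told apart from a malformed value."""
    try:
        salt, iterations, digest = parse_credential(stored)
    except ValueError as exc:
        return False, "malformed: %s" % exc
    if len(digest) != hashlib.new(algorithm).digest_size:
        return False, "digest length does not match %s" % algorithm
    ok = hmac.compare_digest(mutate(password, salt, iterations, algorithm), digest)
    return ok, "salt=%dB iterations=%d" % (len(salt), iterations)
```

The detail string reports the salt length and iteration count actually encoded in the stored value, which can be compared with the -s and -i values given to digest.sh.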