Mark,
On 11/18/23 07:52, Mark Thomas wrote:
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256 and MD5.
Mark
ager application.
Step 1:
Use the following user in tomcat-users.xml
Step 2:
Edit $CATALINA_BASE/webapps/manager/WEB-INF/web.xml
BASIC
changed to
DIGEST
Step 3:
Edit $CATALINA_BASE/webapps/manager/META-INF/context.xml to specify MD5
digest (rather than default of SHA-256)
...
Modify R
Ok thanks.
Got it is now working.
This step was missing.
We didn’t have to do this before.
No mention of having to edit Digest inside context.xml here
https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html
Tried SHA-256, couldn’t get it to work. But MD5 does.
Thanks again.
This e-mail
mcat-users.xml
Step 2:
Edit $CATALINA_BASE/webapps/manager/WEB-INF/web.xml
BASIC
changed to
DIGEST
Step 3:
Edit $CATALINA_BASE/webapps/manager/META-INF/context.xml to specify MD5
digest (rather than default of SHA-256)
...
Modify Realm configuration in server.xml
Calculate pass
line # 1154 in RealmBase.java we read.
String digestValue = username + ":" + realmName + ":" + getPassword(username);
The method getPassword(username) is using the digested password, when it should
use the clear text password.
Here is how I run digest in powershell.
.\dig
+ getPassword(username);
The method getPassword(username) is using the digested password, when it should
use the clear text password.
Here is how I run digest in powershell.
.\digest.bat -a MD5 -i 1 -s 0 tomcat:UserDatabase:nobueno
RealmBase.java is not using the clear text password, instead i
on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
Chris,
Running the debugger, I found out the DigestAuthenticator wants to use SHA-256.
8 months ago there was a change for RFC 7616.
https://u
digest equals the
clientDigest, then it works.
The way I understand it, the clientDigest comes from the client entering in the
username/pwd on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
code so it was forced to use MD5 only.
But in the RealmBase, I really don’t understand what getDigest is doing.
When I create a MD5 digest, I use Username:Realm:Password.
In the code it is using Nonce, nc, cnonce, gop…..
From: Christopher Schultz
Date: Friday, November 10, 2023 at 1:44 PM
To
g done when you try to authenticate.
-chris
From: Christopher Schultz
Date: Friday, November 10, 2023 at 12:35 PM
To: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now
@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
> Logging into manager using MD5 works in 9.0.73 but now fails in
> 9.0.74->current
> Steps to reproduce.
>
> Step 1. Run C:\tomcat\bin> .\digest
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0
Step 2. Use the digest # and place it in
On 16/03/2015 11:23, Igor Mukhin wrote:
> Mark,
>
> thank you, now I understand how it is built.
>
> I think that I have to use plain MD5 without salt if I want to use DIGEST
> authentication.
Correct.
> Tomcat 8 documentation should say that people have to use "
Mark,
thank you, now I understand how it is built.
I think that I have to use plain MD5 without salt if I want to use DIGEST
authentication. Tomcat 8 documentation should say that people have to use "-s
0" flag and copy md5 just after the last $-sign.
Kind regards
I
On 16/03/2015 10:22, Igor Mukhin wrote:
> Hello,
>
> I just tried to execute on Tomcat 8.0.20 :
> digest.bat -a MD5 myusername:myrealm:mypassword
> and it replied with:
>
> myusername:myrealm:mypassword:283c7c0d977648d4dc3def5a20e2a595701a754244bae
Hello,
I just tried to execute on Tomcat 8.0.20 :
digest.bat -a MD5 myusername:myrealm:mypassword
and it replied with:
myusername:myrealm:mypassword:283c7c0d977648d4dc3def5a20e2a595701a754244baec7153d40e8ee30ff6a5$1$f47f1b081edd3627ed24d67274dd6e15
I used this long MD5
On 07/12/2010 11:14, mike lan wrote:
Hello everyone,
is there a way to do FORM based authentication in tomcat
but with MD5 encrypted password ?
Yes. Read the realm docs for details.
Mark
-
To unsubscribe, e-mail: users
Hello everyone,
is there a way to do FORM based authentication in tomcat
but with MD5 encrypted password ?
thanks
You are using the wrong util (at least in a wrong way).
> md5 -s apache-tomcat-6.0.26.zip
MD5 ("apache-tomcat-6.0.26.zip") = d0892b5662287d18c06b167c4bba249d
This command seems to hash the argument instead of the file.
This IS the hash of the string.
Try
> md5sum apache-t
newline?
On Thu, May 6, 2010 at 4:56 PM, János Löbb wrote:
> Folks,
>
> What am I doing wrong here ?
>
> bash-3.2# md5 -s apache-tomcat-6.0.26.zip
> MD5 ("apache-tomcat-6.0.26.zip") = d0892b5662287d18c06b167c4bba249d
> bash-3.2# cat a
2010/5/6 János Löbb :
> Folks,
>
> What am I doing wrong here ?
>
> bash-3.2# md5 -s apache-tomcat-6.0.26.zip
> MD5 ("apache-tomcat-6.0.26.zip") = d0892b5662287d18c06b167c4bba249d
> bash-3.2# cat apache-tomcat-6.0.26.zip.md5.txt
> 6bf77c1c820a0e7c1a1fb6463c0a2
Folks,
Sorry for the previous post. In the meantime I realized the meaning of the -s
flag :-)
János
Folks,
What am I doing wrong here ?
bash-3.2# md5 -s apache-tomcat-6.0.26.zip
MD5 ("apache-tomcat-6.0.26.zip") = d0892b5662287d18c06b167c4bba249d
bash-3.2# cat apache-tomcat-6.0.26.zip.md5.txt
6bf77c1c820a0e7c1a1fb6463c0a2a1d
t was downloaded yesterday from the Tomcat site.
Th
2008/9/10 Niki Diulgerov <[EMAIL PROTECTED]>:
> I implemented aide monitoring on tomcat (and the webapps) yesterday and
> today faced a very strange problem.
> tomcat-users.xml seems the same file (its contents) but aide reports MD5 and
> SHA different checksums.
> is it pos
Hello there,
I implemented aide monitoring on tomcat (and the webapps) yesterday and
today faced a very strange problem.
tomcat-users.xml seems the same file (its contents) but aide reports MD5
and SHA different checksums.
is it possible that on restart apache tomcat to change (or recreate
Hi Mark.
Thanks for the swift response. I've just upgraded to 5.5.26 (5 minutes ago)
and the digest auth is all working with the newer release. I guess it may
just have been broken in 5.0.28.
Cheers. Dan
lunarfish wrote:
Hi Mark - I appear to have the same issue here.
What I've done is changed the default UserDatabase realm, added digest='MD5'
and digested the passwords in the file. This works fine.
I've then changed web.xml to DIGEST authentication and re-diges
Hi Mark - I appear to have the same issue here.
What I've done is changed the default UserDatabase realm, added digest='MD5'
and digested the passwords in the file. This works fine.
I've then changed web.xml to DIGEST authentication and re-digested the
passwords as user:U
[EMAIL PROTECTED] wrote:
>
> I have this setup working on my Windows development computer under
> Tomcat 5.5. Everything works fine. I get a hash value from Oracle and
> pass it back to Tomcat on request.
>
> BUT! I can't get it to work in test environment on Solaris under Tomcat
> 5.0.28. The m
Hi,
I have this setup working on my Windows development computer under
Tomcat 5.5. Everything works fine. I get a hash value from Oracle and
pass it back to Tomcat on request.
BUT! I can't get it to work in test environment on Solaris under Tomcat
5.0.28. The major difference in configura
> From: Tim Funk [mailto:[EMAIL PROTECTED]
> If you have an evil admin, there is nothing stopping him from
> sniffing the network, or starting tomcat with a debugger
> which can look
> at the memory or {insert evil action here} ;)
Sure. Or do the old trick we used to do with Suns - L1-A o
If you have an evil admin, there is nothing stopping him from
sniffing the network, or starting tomcat with a debugger which can look
at the memory or {insert evil action here} ;)
-Tim
Peter Crowther wrote:
From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
An easier approach might be to wr
> From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
> An easier approach might be to write your encrypting logger
> as a filter
> and have it take its input from a named pipe.
I thought about suggesting that, but there's a weak point - there's
nothing to stop an admin killing the encrypting logge
| From: Yulius [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, 20 June, 2007 05:07
|
| I currently need to do the encryption towards the log files that have
| been created by the webserver and the webapplication, so that only those
| who have the password to decrypt the log files can read them.
So
gging engines... getting it back will require
some parsing.
That's different, good luck
- Original Message -
From: "Yulius" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 20, 2007 12:06 PM
Subject: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Hi,
I
a few times.
Think you need to explain more, maybe can find another way I
don't think this is an option.
- Original Message - From: "Yulius" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 20, 2007 12:06 PM
Subject: Encrypt Tomcat 4.1 log and log4j.properties log
t: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Hi,
I currently need to do the encryption towards the log files that have
been created by the webserver and the webapplication, so that only those
who have the password to decrypt the log files can read them.
Is there
s complete waste of time.
Furthermore, your readers would need decryption as well, and you would
need to create some sort of a database for username/password/key mappings,
because your security would be jeopardized pretty soon if you share a
common key.
BTW, MD5 is not an encryption algorithm but rath
md5 is a one way hash - so "encrypting" your log files with md5 will
yield unreadable files
Tomcat out of the box doesn't have anything like this. You would need to
do the following: write your own log4j appenders (or whatever they are
called) which encrypt the data. Since log4j
Hi,
I currently need to do the encryption towards the log files that have been
created by the webserver and the webapplication, so that only those who have the
password to decrypt the log files can read them.
Is there a way to solve this issue?
Thanks in advance
Yulius
"'Martin Gainty'"
<[EMAIL PROTECTED]>
Sent: Sunday, May 21, 2006 6:45 AM
Subject: RE: JDBCRealm authentication failing with MD5
Martin
Thanks for the reply. I already went through a similar page, but with no
success.
Subsequent to your reply I k
caused some problem,
since although the digest looked similar, it was not.
Thanks for the help
Regards,
Rian
-Original Message-
From: Martin Gainty [mailto:[EMAIL PROTECTED]
Sent: 20 May 2006 15:56
To: Tomcat Users List
Subject: Re: JDBCRealm authentication failing with MD5
Good
Good Morning Rian-
I would suggest having a look at and following all of the steps in the JDBC
How to tutorial at
http://tomcat.apache.org/tomcat-3.3-doc/JDBCRealm-howto.html
the important item here is to exercise the basic functionality of generating
a digested MD5 password which can be
Hi all
I am trying to set up a security realm on Tomcat using JDBCRealm and MD5
encryption. It works perfectly when using plain text, but it fails the
moment I switch to a MD5 digest. I have been through the documentation,
forums and FAQ's but I am afraid I can not resolve this on my ow
Hi Mark,
Thanks,
I have installed jre1.5, now it's working ..
Thanks once again,
Nagendra
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 14, 2006 3:35 AM
To: Tomcat Users List
Subject: Re: Help with MD5 key generation with tomcat 5
Devireddy, Nagendra
Devireddy, Nagendra Reddy (STSD) wrote:
> No, my jre version is 1.4.2 ..
>
> Thanks,
> Nagendra
As the last poster was hinting at, you need to be running a 1.5 JRE or
install the 1.4 compat(ibility) download.
Mark
On Saturday, 13.05.2006, at 15:13 +0530, Devireddy, Nagendra Reddy (STSD) wrote:
> Hi,
>
> I am trying to generate MD5 Password using tomcat 5.
>
> "$JAVA_PATH"/bin/java -classpath
> "$CATALINATHOME"/server/lib/catalina.jar
> org.apache.catalina.re
Hi,
I am trying to generate MD5 Password using tomcat 5.
"$JAVA_PATH"/bin/java -classpath
"$CATALINATHOME"/server/lib/catalina.jar
org.apache.catalina.realm.RealmBase -a MD5 TESTMESSAGE
It's throwing the following error ..
Exception in thread "main" java.la
No, my jre version is 1.4.2 ..
Thanks,
Nagendra
-Original Message-
From: Tim Lucia [mailto:[EMAIL PROTECTED]
Sent: Friday, May 12, 2006 4:28 PM
To: 'Tomcat Users List'
Subject: RE: Help with MD5 key generation with tomcat 5
Are you running a 1.5+ JRE?
-Original Message
Are you running a 1.5+ JRE?
-Original Message-
From: Devireddy, Nagendra Reddy (STSD) [mailto:[EMAIL PROTECTED]
Sent: Friday, May 12, 2006 2:50 AM
To: Tomcat Users List
Subject: Help with MD5 key generation with tomcat 5
Hi I am getting the following error after executing this command
Hi I am getting the following error after executing this command ..
"$JRE"/bin/java -classpath "$CATALINA_HOME"/server/lib/catalina.jar
org.apache.catalina.realm.RealmBase -a MD5 nagendra
Exception in thread "main" java.lang.NoClassDefFoundError:
java
with a standard JDBC realm using MD5 digested passwords?
I've just tried changing an existing app with BASIC authentication to
DIGEST and it stopped authenticating me. I tried all sorts of web.xml
combinations but nothing worked until I put it back to BASIC.
If you switch from BASIC auth +
digby wrote:
> Is there anything to be aware of when (confusingly) you're doing DIGEST
> authentication with a standard JDBC realm using MD5 digested passwords?
>
> I've just tried changing an existing app with BASIC authentication to
> DIGEST and it stopped authenticat
Is there anything to be aware of when (confusingly) you're doing DIGEST
authentication with a standard JDBC realm using MD5 digested passwords?
I've just tried changing an existing app with BASIC authentication to
DIGEST and it stopped authenticating me. I tried all sorts
Hi,
Does anybody know how to tell Tomcat 5.5.12 to send HTTP 1.1 Content-MD5
response headers? I can't seem to find any configuration settings for
this. Our goal is to evaluate the performance impact and perhaps use
the MD5 digests as a way of validating file integrity. Any help woul