> On Sep 27, 2016, at 4:38 PM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Brian, > > Your email was tough to parse-out of the thread, so I'm going to > heavily edit-down the text. I hope I didn't miss anything. > > On 9/25/16 9:06 PM, Paquin, Brian wrote: >> I tried using the following in server.xml: <Realm >> className="org.apache.catalina.realm.UserDatabaseRealm" >> resourceName="UserDatabase"> <CredentialHandler >> className="org.apache.catalina.realm.MessageDigestCredentialHandler" >> algorithm="SHA-256" iterations=“24680" saltLength="18" /> </Realm> >> >> And then using: /usr/local/tomcat/bin/digest.sh -a SHA-256 -i 24680 >> -s 18 secret_password >> >> And got back: >> secret_password:9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b > 26w91729qfc3786d74ac95223e092faf996500dc532a74905 >> >> I then added that to my tomcat-users.xml: <user >> username=“my_username" >> password="9618b621a88fcee9c44aa93f39ddb063$58761$8ga9a0896a10f1b26w917 > 29qfc3786d74ac95223e092faf996500dc532a74905" >> roles=“manager-gui,admin,admin-gui”/> >> >> After stopping and starting Tomcat, manager asks for credentials >> but does not accept them. What have I got wrong? > > Is it still accepting them if you put the plaintext version of the > password into tomcat-users.xml?
I was able to get SHA-256 (with salt and iterations) working today - I had nested realms that were not working correctly. > >> (I was hoping to use PBKDF2 but it did not appear that digest.sh >> would accept PBKDF2 as an algorithm.) > > Try using "PBKDF2WithHmacSHA1" as the algorithm. To be clear - I use PBKDF2WithHmacSHA1 in both server.xml and in the digest.sh, right? Thank you, Brian > > [1] > https://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html#S > ecretKeyCredentialHandler > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX6tjUAAoJEBzwKT+lPKRYMDUP/jLzRdR2tjsYAE5oRF87gtq7 > AJpxY19s2phoUFq9r5fMX4TL5eKCTqzonvqkwA6PcyOPjqK47lubnJWrHXEnyEFR > JCv0HM/8gYuKc5TJBbM2uOMJJhhXlOjmrQNHtwjCNU/pCzHtPfJdmiKDbtG39r/T > pWqG/SZrxmxupgPDnGeEEnp4azc5Wml0UP1KEHr+M2OCR2DZugRUi10MoDwPD+uV > WQ0suCztjYCU0MB98b6EHTZogl9xpRZaSj4MyAqmzQIr3bbuFAL5R886UEHMrJ0Z > ncbt8IqvyBoY6RFN8gqZDzRlCUjYB7mDz0swzU4Qptfvft51qQwgQp1LmZ9TZSfv > HKNMp8LOMIigzTwWxX/VrRksXlV+itl94IbbgVOrBLQ3sRMq+bg8uwmgZCY0Q46O > AgY4wEra5K4JJntJTSx0ttCrpgwP1r1MNdg8D2dQAPh7QBJ3X0NLApZ5aAnfpYJy > ar4iSSEx90meCrsukZcmOicqxaJ63vXbUqYuTTVlVm1N48J61wRMmQuNS2tPoMgH > nrPl/67xNwA+4iSe1pu1Hu0GVBPTGdWTgO4tOSupVhjS63OqXDxPOTlANgqGM7xW > PCk/gjtwRR4VK3caV7T+hZiHbyGZqyRlAVwA6J9cw0ASS4+1ZQYLwbBB0jOE4y0y > akjETJUf5x+5qyq0BWqA > =g6Ib > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
