NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
I made a typo in the "massaged" URL but I confirm I can access the
admin/debug page with the default password "admin" from the docker image
unidata/thredds-docker:4.6.14 via http (unsecured), no redirect observed.
Also the admin password hash from the stock tomcat-users.xml in the
docker image is like this
<user username="admin"
password="d033e22ae348aeb5660fc2140aec35850c4da997"
roles="tdsConfig,tdsMonitor"/>
The hash is much shorter than when generated following the instructions
for the same password "admin".
Long
-------- Original Message --------
From: Julien Chastang <chastang@xxxxxxxx>
Subject: [thredds] Hashed password for tomcat-users.xml is not
consistent so unable to login
Date: Friday, September 20, 2019, 13:41
To: Sean Arms <sarms@xxxxxxxx>
Cc: Vu , Long <vu.long@xxxxxxxxxx>, thredds@xxxxxxxxxxxxxxxx
<thredds@xxxxxxxxxxxxxxxx>
It is thredds *NOT* thedds. See typos above. Maybe that is the confusion
here.
For background info, see this article on password hashing and salting:
https://auth0.com/blog/hashing-passwords-one-way-road-to-security/
On Fri, Sep 20, 2019 at 11:26 AM Sean Arms <sarms@xxxxxxxx
<mailto:sarms@xxxxxxxx>> wrote:
Greetings!
This isn't a bug - what you are seeing are salted, hashed passwords.
Each time you run the digest script, a different salt is being used,
so the overall hash changes. The format of the string returned by
Tomcat's digest.sh is:
{user}:{salt}${iterations}${digest}
For more information, see
https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords
When you try to log into http://<my host>:8080/thedds/admin/debug,
are you getting redirected to https, because the admin interface to
the TDS requires that you are accessing it over a secure connection.
If you are not getting redirected to https://<my host>:8443 or
similar, that would be why you cannot log into the admin interface.
Cheers,
Sean
On Fri, Sep 20, 2019 at 10:13 AM Vu , Long <vu.long@xxxxxxxxxx
<mailto:vu.long@xxxxxxxxxx>> wrote:
Hi,
I followed instructions here
https://github.com/Unidata/thredds-docker#h20B33C74 which leads
to here
https://github.com/Unidata/tomcat-docker#digested-passwords.
As you can see below, I tried to hash "admin" 4 times and "super" 3
times and I am getting completely different result each time.
Consequently I am unable to login to http://<my
host>:8080/thedds/admin/debug with the password I have chosen
because
probably the hash calculated on server side is different so the
2 hashes
did not match !
What did I do wrong so I should log a bug for this?
11:47 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" admin
admin:7e7e81ea10686b0648bffa9edafd0b7f60eacc5145d97dd1d357cbc193060aed$1$ab2c3ddcb23f65a9b6e3f204958dd463336c283f
12:00 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" admin
admin:8446588eec143b0decac02be49993bcc56e4b16a4187ce15a2727f267d7f1306$1$e771b647858a86ff580290077b5df357f5c20650
12:00 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" admin
admin:ee16b99f11c0eeba71a6a821fba1e8b09f273ab032c13d2ce7ec5eeab2a1e7cc$1$bab5606e5cbb0ae1bca38c0f5bd15d656fe72085
12:00 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" admin
admin:4ec71242066de4912869026a017f7ebeb59bdaec4de40ba8ac9ff694229c2084$1$a0c61f7703b080e3bcfcdb2579854df45d2abcdd
12:00 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" super
super:f423f534302461b1829891a2e1fcdbf7ffa2c06721a51b3b12cd70695ce4cdec$1$cc6c5d231b0f522c20606139619052fba3f5a257
12:01 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" super
super:eace3dbabc0275bd6f5a745eb55b3e3de729e8d835882e4469d066eae1a19f9d$1$7f3e8561201bdac50e328dbc89f9383b5d26d47a
12:01 $ docker run unidata/thredds-docker:4.6.14
/usr/local/tomcat/bin/digest.sh -a "SHA" super
super:afc94d3d0885e8e81cc02ba26642085563a3edb3f375afe2c0f92068b43610b9$1$b6c57eae754e062469887ecc101df9adbe1a404d
_______________________________________________
NOTE: All exchanges posted to Unidata maintained email lists are
recorded in the Unidata inquiry tracking system and made publicly
available through the web. Users who post to any of the lists we
maintain are reminded to remove any personal information that they
do not want to be made public.
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit:
https://www.unidata.ucar.edu/mailing_lists/
_______________________________________________
NOTE: All exchanges posted to Unidata maintained email lists are
recorded in the Unidata inquiry tracking system and made publicly
available through the web. Users who post to any of the lists we
maintain are reminded to remove any personal information that they
do not want to be made public.
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit:
https://www.unidata.ucar.edu/mailing_lists/
--
Julien Chastang
Scientific Software Developer
Unidata-UCAR
thredds archives: