Re: [thredds] Hashed password for tomcat-users.xml is not consistent so unable to login

  • To: Sean Arms <sarms@xxxxxxxx>
  • Subject: Re: [thredds] Hashed password for tomcat-users.xml is not consistent so unable to login
  • From: Julien Chastang <chastang@xxxxxxxx>
  • Date: Fri, 20 Sep 2019 11:41:19 -0600
It is thredds *NOT* thedds. See typos above. Maybe that is the confusion
here.

For background info, see this article on password hashing and salting:
https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

On Fri, Sep 20, 2019 at 11:26 AM Sean Arms <sarms@xxxxxxxx> wrote:

> Greetings!
>
> This isn't a bug - what you are seeing are salted, hashed passwords. Each
> time you run the digest script, a different salt is being used, so the
> overall hash changes. The format of the string returned by Tomcat's
> digest.sh is:
>
> {user}:{salt}${iterations}${digest}
>
> For more information, see
> https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords
>
> When you try to log into http://<my host>:8080/thedds/admin/debug, are
> you getting redirected to https? The admin interface to the TDS
> requires that you access it over a secure connection. If you are not
> getting redirected to https://<my host>:8443 or similar, that would be
> why you cannot log into the admin interface.
>
> Cheers,
>
> Sean
>
> On Fri, Sep 20, 2019 at 10:13 AM Vu , Long <vu.long@xxxxxxxxxx> wrote:
>
>> Hi,
>>
>> I followed instructions here
>> https://github.com/Unidata/thredds-docker#h20B33C74 which leads to here
>> https://github.com/Unidata/tomcat-docker#digested-passwords.
>>
>> As you can see below, I tried to hash "admin" 4 times and "super" 3
>> times and I am getting a completely different result each time.
>>
>> Consequently I am unable to log in to http://<my
>> host>:8080/thedds/admin/debug with the password I have chosen, probably
>> because the hash calculated on the server side is different, so the 2 hashes
>> did not match!
>>
>> What did I do wrong so I should log a bug for this?
>>
>> 11:47 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" admin
>>
>> admin:7e7e81ea10686b0648bffa9edafd0b7f60eacc5145d97dd1d357cbc193060aed$1$ab2c3ddcb23f65a9b6e3f204958dd463336c283f
>>
>> 12:00 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" admin
>>
>> admin:8446588eec143b0decac02be49993bcc56e4b16a4187ce15a2727f267d7f1306$1$e771b647858a86ff580290077b5df357f5c20650
>>
>> 12:00 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" admin
>>
>> admin:ee16b99f11c0eeba71a6a821fba1e8b09f273ab032c13d2ce7ec5eeab2a1e7cc$1$bab5606e5cbb0ae1bca38c0f5bd15d656fe72085
>>
>> 12:00 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" admin
>>
>> admin:4ec71242066de4912869026a017f7ebeb59bdaec4de40ba8ac9ff694229c2084$1$a0c61f7703b080e3bcfcdb2579854df45d2abcdd
>>
>> 12:00 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" super
>>
>> super:f423f534302461b1829891a2e1fcdbf7ffa2c06721a51b3b12cd70695ce4cdec$1$cc6c5d231b0f522c20606139619052fba3f5a257
>>
>> 12:01 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" super
>>
>> super:eace3dbabc0275bd6f5a745eb55b3e3de729e8d835882e4469d066eae1a19f9d$1$7f3e8561201bdac50e328dbc89f9383b5d26d47a
>>
>> 12:01 $ docker run unidata/thredds-docker:4.6.14
>> /usr/local/tomcat/bin/digest.sh -a "SHA" super
>>
>> super:afc94d3d0885e8e81cc02ba26642085563a3edb3f375afe2c0f92068b43610b9$1$b6c57eae754e062469887ecc101df9adbe1a404d
>> _______________________________________________
>> NOTE: All exchanges posted to Unidata maintained email lists are
>> recorded in the Unidata inquiry tracking system and made publicly
>> available through the web.  Users who post to any of the lists we
>> maintain are reminded to remove any personal information that they
>> do not want to be made public.
>>
>>
>> thredds mailing list
>> thredds@xxxxxxxxxxxxxxxx
>> For list information or to unsubscribe,  visit:
>> https://www.unidata.ucar.edu/mailing_lists/
>>


-- 
Julien Chastang
Scientific Software Developer
Unidata-UCAR
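
The per-run salt behaviour described in the quoted reply, as an added example that is not part of the original thread and is not Tomcat's own code: it generates and checks strings in the `{salt}${iterations}${digest}` layout. It assumes the digest is taken over the salt bytes followed by the password bytes and re-hashed for extra iterations, and that "SHA" means SHA-1 (40 hex characters, as in the output above); all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: Tomcat's "SHA" algorithm name maps to SHA-1.
ALGORITHMS = {"SHA": "sha1", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def mutate(password, salt, iterations, algorithm="SHA"):
    """Hash salt || password, then re-hash the result iterations - 1 times (assumed scheme)."""
    name = ALGORITHMS[algorithm]
    result = hashlib.new(name, salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        result = hashlib.new(name, result).digest()
    return result.hex()


def generate(password, algorithm="SHA", salt_length=32, iterations=1):
    """Build a salt$iterations$digest string with a fresh random salt."""
    salt = os.urandom(salt_length)
    return f"{salt.hex()}${iterations}${mutate(password, salt, iterations, algorithm)}"


def parse(stored):
    """Split a stored credential, dropping any 'xxx:' prefix printed by digest.sh."""
    credential = stored.rsplit(":", 1)[-1]
    salt_hex, iterations, digest = credential.split("$")
    return bytes.fromhex(salt_hex), int(iterations), digest.lower()


def matches(password, stored, algorithm="SHA"):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, digest = parse(stored)
    return hmac.compare_digest(mutate(password, salt, iterations, algorithm), digest)


if __name__ == "__main__":
    first, second = generate("admin"), generate("admin")  # constructed sample password
    print("strings differ:", first != second)
    print("both verify:", matches("admin", first), matches("admin", second))
    print("wrong password verifies:", matches("super", first))
```

Because the salt is stored inside the string, any one of the generated values can be placed in tomcat-users.xml; the server re-uses that salt when it checks a login.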