Configuration of encrypted passwords failing using digest.sh in CCS Apache Tomcat
search cancel

Configuration of encrypted passwords failing using digest.sh in CCS Apache Tomcat

book

Article ID: 376349

calendar_today

Updated On:

Products

COMMON SERVICES FOR Z/OS

Issue/Introduction

In CCS Apache Tomcat, encryption of 'manager' password using delivered digest.sh script is not working.

Once password is encrypted, unable to logon to the manager app.

Environment

Release 15.0

Cause

MD5 algorithm is specified in Tomcat Manager configuration, however many browsers (ie: Chrome) will choose SHA-256. 

Because Chrome is choosing SHA-256 and the digested password in Tomcat is MD5, this will cause a failed login.

Resolution

  1. In Manager web-INF/web.xml, ensure <login.config> specifies DIGEST method, not BASIC, see below:

    <login-config>                     
      <auth-method>DIGEST</auth-method>
      <realm-name>{realm}</realm-name>    
    </login-config>                    

  2. Rerun digest.sh using SHA-256

    . /digest.sh -s 0 -a sha-256 -e ISO8859-1 password

  3. In tomcat-users.xml and TOMSVXML or server.xml change "MD5" to "SHA-256"
Powered by Wolken Software