Replace custom file format of encrypted console password by openssl format #1616

Closed
Tracked by #1543
tfr42 opened this issue Dec 4, 2023 · 3 comments · Fixed by #1708
Labels
breaking breaking change console deegree administration console enhancement enhancement or improvement TMC discussion to be discussed by technical management committee members

Comments

tfr42 commented Dec 4, 2023

Currently the file console.pw stores the password set for the deegree administration console in a very specific format hex(salt):hex(enc(password)) like:
0000018C2B4B62FD:9C53FF924D7CE3A9112EC480116ACA4F9941B9321F47BDBA5528C5DED47EA076
It contains the salt value and the encrypted password using the SHA-256 algorithm, delimited by :.

To allow the use of tools such as openssl or common Java APIs such as Apache Codec to read and write the password file, the format shall be changed to salt$sha256(password) using $ as the delimiter.
An output generated with openssl or Apache Commons Codec Sha2Crypt.sha256Crypt() will look like:
$5$12345$nxIKX54gpaik7RiymymMEhDou8.9DjFTzFkJxHKQ3D/

Usage scenario:

  • use openssl passwd -salt '01234' -5 mypassword to write the encrypted password into the file console.pw when using deegree in a container and providing an environment variable to pass the password.
@tfr42 tfr42 added TMC discussion to be discussed by technical management committee members console deegree administration console breaking breaking change labels Dec 4, 2023
@tfr42 tfr42 added this to the 3.6 milestone Dec 4, 2023
@tfr42 tfr42 added the enhancement enhancement or improvement label Dec 6, 2023
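
Added example (not part of the issue thread and not deegree's code): a stand-alone reader for a console.pw line that recognises the legacy hex(salt):hex(enc(password)) format described above and verifies a candidate password against the proposed $5$ SHA-256 crypt format. The function names, the returned labels and the MAX_ROUNDS cap are assumptions of this example.

```python
import hashlib, hmac, re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# New format: $5$[rounds=N$]salt$digest ; legacy: hex(salt):hex(enc(password))
CRYPT5 = re.compile(
    r"\$5\$(?:rounds=(\d{1,9})\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]{43})")
LEGACY = re.compile(r"[0-9A-Fa-f]+:[0-9A-Fa-f]+")
MAX_ROUNDS = 1_000_000  # assumption of this example: cap the work a file can demand

def sha256_crypt(password, salt, rounds=5000):
    """Digest part (43 chars) of a SHA-256 crypt string."""
    key, slt = password.encode(), salt.encode()
    h = lambda *parts: hashlib.sha256(b"".join(parts)).digest()
    b = h(key, slt, key)
    buf = key + slt + (b * (len(key) // 32 + 1))[:len(key)]
    n = len(key)
    while n:                      # one block per bit of the password length
        buf += b if n & 1 else key
        n >>= 1
    a = h(buf)
    p = (h(key * len(key)) * (len(key) // 32 + 1))[:len(key)]
    s = h(slt * (16 + a[0]))[:len(slt)]
    for i in range(rounds):       # key stretching
        a = h(p if i & 1 else a, s if i % 3 else b"", p if i % 7 else b"",
              a if i & 1 else p)
    out = []
    for i in range(10):           # crypt's byte permutation, 3 bytes -> 4 chars
        w = a[21 * i % 30] << 16 | a[(21 * i + 10) % 30] << 8 | a[(21 * i + 20) % 30]
        out += [B64[w >> sh & 63] for sh in (0, 6, 12, 18)]
    w = a[31] << 8 | a[30]        # last two bytes -> 3 chars
    out += [B64[w >> sh & 63] for sh in (0, 6, 12)]
    return "".join(out)

def check_console_pw(line, candidate):
    """Classify one console.pw line: legacy / malformed / match / mismatch."""
    line = line.strip()
    if LEGACY.fullmatch(line):
        return "legacy"           # old custom format, file must be regenerated
    m = CRYPT5.fullmatch(line)
    if not m:
        return "malformed"
    rounds = int(m[1]) if m[1] else 5000
    if not 1000 <= rounds <= MAX_ROUNDS:
        return "malformed"        # refuse out-of-range work factors
    digest = sha256_crypt(candidate, m[2], rounds)
    # constant-time comparison of the recomputed and the stored digest
    return "match" if hmac.compare_digest(digest, m[3]) else "mismatch"
```

A line that comes back as "legacy" was written in the old format and has to be regenerated, since this is a breaking change.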
tfr42 commented Dec 13, 2023

Using htpasswd would be nice to encrypt the password, see https://httpd.apache.org/docs/trunk/programs/htpasswd.html for the available options (requires Apache httpd 2.5). Should be added to the documentation.

@tfr42 tfr42 self-assigned this Jun 5, 2024
tfr42 added a commit to lat-lon/deegree3 that referenced this issue Jun 6, 2024
tfr42 commented Jun 6, 2024

WIP: First draft implementation using Apache Commons Codec SHA-256 method available: https://github.com/lat-lon/deegree3/tree/feature/improveConsolePwdEncryption-1616

tfr42 commented Jun 7, 2024
