Hi,
On the main page of the admin console it says the password can be changed at config->server->password. but I can’t find anything on the config->server page to do that. Has it moved? Can it be set in the config files?
Geoserver 1.6.0 beta3
Tom
Tom (JDi Solutions) ha scritto:
Hi,
On the main page of the admin console it says the password can be changed at config->server->password. but I can't find anything on the config->server page to do that. Has it moved? Can it be set in the config files?
Geoserver 1.6.0 beta3
Yes, in GeoServer 1.6.0 beta3 you can add as many users as you like,
but they cannot be modified from the web interface anymore.... until
we get the new UI and config I doubt we'll have this capability back...
Sorry for the inconvenience
Cheers
Andrea
Tom (JDi Solutions) ha scritto:
Hi,
On the main page of the admin console it says the password can be changed at config->server->password. but I can't find anything on the config->server page to do that. Has it moved? Can it be set in the config files?
And oh, the file is users.properties in the geoserver data dir,
and if you want to lock down services too (such as giving transaction
access only to a category of users), have a look at services.properties.
Btw, if you do the latter I don't know if uDig will be able to access
the WFS server anymore, not sure it has http basic authentication
capabilities.
Cheers
Andrea
Excellent, got it. I intend to look into this in more detail in the coming weeks / months. For now though, one observation, would it be better to store the passwords hashed like in .htaccess?
On 9/19/07, Andrea Aime <aaime@anonymised.com> wrote:
Tom (JDi Solutions) ha scritto:
Hi,
On the main page of the admin console it says the password can be
changed at config->server->password. but I can’t find anything on the
config->server page to do that. Has it moved? Can it be set in the
config files?And oh, the file is users.properties in the geoserver data dir,
and if you want to lock down services too (such as giving transaction
access only to a category of users), have a look at services.properties.
Btw, if you do the latter I don’t know if uDig will be able to access
the WFS server anymore, not sure it has http basic authentication
capabilities.Cheers
Andrea
Tom (JDi Solutions) ha scritto:
Excellent, got it. I intend to look into this in more detail in the coming weeks / months. For now though, one observation, would it be better to store the passwords hashed like in .htaccess?
It sure would. Can you open a jira issue for this one too? 
The security subsystem is but a prototype for the moment, put
there to allow user identification in versioning WFS mainly,
and hasn't received much attention so far... we still have
quite a bit of work to do on it (think data security, not
only service security).
Cheers
Andrea
Tom (JDi Solutions) ha scritto:
Excellent, got it. I intend to look into this in more detail in the coming weeks / months. For now though, one observation, would it be better to store the passwords hashed like in .htaccess?
Oh, I forgot the main reason for having them in clear text: since there
is no UI for editing that file, how would you hash the password (by hand, I mean).
Cheers
Andrea
could use the same tools that apache use… htpasswd2
or use some hashing tools, like md5sum or write a simple script that use crypt…
On 9/19/07, Andrea Aime <aaime@anonymised.com> wrote:
Tom (JDi Solutions) ha scritto:
Excellent, got it. I intend to look into this in more detail in the
coming weeks / months. For now though, one observation, would it be
better to store the passwords hashed like in .htaccess?Oh, I forgot the main reason for having them in clear text: since there
is no UI for editing that file, how would you hash the password (by
hand, I mean).Cheers
Andrea
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Facundo Garat ha scritto:
could use the same tools that apache use... htpasswd2
Then you would have to install apache just to use it... common on linux,
uncommon on windows (and probably mac os X).
or use some hashing tools, like md5sum or write a simple script that use crypt....
Again, common linux tools, not common on windows... oh well, I guess
I can write a command line/swing one in java...
Cheers
Andrea
There’s also loads of sites on the web which will generate .htaccess lines. This is just the first of many on google: http://www.kxs.net/support/htaccess_pw.html
On 9/19/07, Andrea Aime <aaime@anonymised.com> wrote:
Facundo Garat ha scritto:
could use the same tools that apache use… htpasswd2
Then you would have to install apache just to use it… common on linux,
uncommon on windows (and probably mac os X).or use some hashing tools, like md5sum or write a simple script that use
crypt…Again, common linux tools, not common on windows… oh well, I guess
I can write a command line/swing one in java…Cheers
Andrea
you couldn’t be more right…
just so used to linux… sorry
–
Facundo Garat Mayer
facundo@anonymised.com
On 9/19/07, Andrea Aime <aaime@anonymised.com> wrote:
Facundo Garat ha scritto:
could use the same tools that apache use… htpasswd2
Then you would have to install apache just to use it… common on linux,
uncommon on windows (and probably mac os X).or use some hashing tools, like md5sum or write a simple script that use
crypt…Again, common linux tools, not common on windows… oh well, I guess
I can write a command line/swing one in java…Cheers
Andrea