I believe that GeoNode is setting up its own user/role source when integrating with GeoServer,
so it may be that changing the GS config files does nothing.
Mind, this is just a hunch, there’s a good chance I’m wrong here
···
On Thu, Oct 2, 2014 at 10:13 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Lubomir
Quite strange. Please can you check if the value of
password=“crypt1:Z22ZwbZyJpL3kt3rZrM3PmY38jsMFYdx”
changes if you change the password of the admin user. (Note, the value change is independent of a password change because we use a salt. Saving the password “geoserver” two times will result into two different values).
Next, you can switch to the plain text password encoder (you have to change the settings in the default user/group service). Change the password and you should see the result in plain text
password=“plain:mynewpasswordf”
I think this is the best way to resolve the problem. (After resolving, switch back to the digest encoder).
Cheers
Christian
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
On Thu, Oct 2, 2014 at 9:52 AM, Lubomir Filipov <lubomirfilipov@anonymised.com> wrote:
Hi Christian,
thanks for taking the time to reply.
This is the file you are referring to. We tried to disable the default admin user, but still we can login with the default password (and the geonode password as well). Geoserver version is 2.4 (the snapshot, used for Geonode 2.0). We tried with geoserver 2.5, but the result is the same. We tried on Ubuntu 12.4/12.5 and Debian, but the result is the same. We follow step by step the instruction of the geonode site.
![Inline image 1]()
<?xml version="1.0" encoding="UTF-8"?>
We have made a detail movie of what/how we configure the system.
https://drive.google.com/file/d/0B2oRsQyYjsqyMnRFQnN5Vy1vS2c/edit?usp=sharing
I will appreciate any ideas and suggestions.
My very best,
Lubo.
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Lubomir Filipov
48 Evlogi Georgiev Blvd,
1504 Sofia, Bulgaria
e-mail: lubomirfilipov@anonymised.com
cell phone: (+359) 888 972277
fax: (+359) 2 4916469**%202%204916469)**
skype name: fipeto
http://www.linkedin.com/in/lubomirfilipov
http://www.facebook.com/GAPconsult.bg
On Wed, Oct 1, 2014 at 12:03 PM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Lubomir
I assume you are talking about the password of the admin user.
Please take a look into
security/usergroup/default/users.xml
There is an XML element called with attributes name and password. What do you see ?
Cheers
Christian
On Tue, Sep 30, 2014 at 8:37 PM, Lubomir Filipov <lubomirfilipov@anonymised.com> wrote:
Hello all,
we are running to a security problem using Geonode 2.0 and the default version of geoserver (part of the geonode instalation), which is 2.4.
The issues is place also on: https://github.com/GeoNode/geoserver-geonode-ext/issues/15 from January 2014.
The issue is that we cannot change the default password of geoserver (it allows change, but it keeps the old password as well).
Anyone running similar issue?
Thanks a lot in advance.
Lubomir Filipov
48 Evlogi Georgiev Blvd,
1504 Sofia, Bulgaria
e-mail: lubomirfilipov@anonymised.com
cell phone: (+359) 888 972277
fax: (+359) 2 4916469**%202%204916469)**
skype name: fipeto
http://www.linkedin.com/in/lubomirfilipov
http://www.facebook.com/GAPconsult.bg
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
