<div dir="ltr">Hi, just a clarification on the passwords.<div><br></div><div>The default admin/geoserver password (which has to be changed) is used only for internal communications between geonode and geoserver and should never be used by any user or administrator. It can be changed through the geoserver UI, but geonode needs to know it anyway and this is the reason why you find it in the OGC settings.</div><div><br></div><div>The administrator passwords as well as other users passwords are stored in geonode and are used for permissions and authentication across all the site.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-11-18 4:53 GMT+01:00 <a href="mailto:j.doig@unsw.edu.au">j.doig@unsw.edu.au</a> <span dir="ltr"><<a href="mailto:j.doig@unsw.edu.au" target="_blank">j.doig@unsw.edu.au</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-AU" link="blue" vlink="purple">
<div class="m_7242448931378774491WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi all<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks for your reply Alessio.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">After some sleuthing I’ve found that within a Geonode installation Geoserver allows 3 different passwords for admin login:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph" style="margin-left:18.0pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Geonode admin password</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Set by python manage.py createsuperuser, changed via Geonode GUI<u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Stored encrypted in the geonode:people_profile table in postgres<u></u><u></u></span></p>
<p class="MsoNormal" style="text-indent:18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph" style="margin-left:18.0pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Geoserver admin password</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Changed via Geoserver admin GUI<u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Stored encrypted in /var/lib/tomcat7/webapps/<wbr>geoserver/data/security/<wbr>usergroup/default/users.xml<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph" style="margin-left:18.0pt">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>3.<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Geonode OGC Server default admin password</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> (‘geoserver’)<u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Stored as OGC_SERVER['default’][‘<wbr>PASSWORD’] as plain text in /home/geonode/geonode/geonode/<wbr>local_settings.py<u></u><u></u></span></p>
<p class="m_7242448931378774491MsoListParagraph"><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Changed by editing this file and restarting Apache<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">This is confusing and potentially risky, as you can change a compromised password in one place (Geonode or Geoserver) not realising it still works because it’s
also stored in the other place.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I’ve raised this as issue
<a href="https://github.com/GeoNode/geonode/issues/2715" target="_blank">#2715</a>.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">For one thing, the installation package, and
<a href="http://docs.geonode.org/en/master/tutorials/install_and_admin/geonode_install/index.html" target="_blank">
manual install doco</a>, should include a step to change the default password in local_settings.py. I've included
<a href="https://github.com/UNSW-CFRC/geonode_install/blob/master/install_geonode/9.1_add_apache_geonode_config.yml#L27" target="_blank">
that step</a> in my own Ansible playbook for Ubuntu 16.04.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Regards<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Jonathan<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:alessio.fabiani@gmail.com" target="_blank">alessio.fabiani@gmail.com</a> [mailto:<a href="mailto:alessio.fabiani@gmail.com" target="_blank">alessio.fabiani@gmail.<wbr>com</a>]
<b>On Behalf Of </b>Alessio Fabiani<br>
<b>Sent:</b> Tuesday, 15 November 2016 8:12 PM<br>
<b>To:</b> Jonathan Doig<br>
<b>Cc:</b> <a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a><br>
<b>Subject:</b> Re: [GeoNode-devel] Geoserver retains old admin passwords<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Hello Jonathan,<u></u><u></u></p>
<div>
<p class="MsoNormal">GeoServer makes use of two different Authentication types: Basic Auth (used by the backend for the import operations and changes to the catalog), GeoNode-Cookies Auth (used to provide access to the GeoServer resources to the GeoNode users).<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">In order to change the GeoServer Basic Auth admin password, you must login into the GeoServer page using an admin user, go to Security > User, Roles, ... and manually update the admin user password.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Best Regards,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Alessio Fabiani.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">==<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">GeoServer Professional Services from the experts!<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Visit <a href="http://goo.gl/it488V" target="_blank">
http://goo.gl/it488V</a> for more information.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">==<u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Ing. Alessio Fabiani<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">@alfa7691<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Founder/Technical Lead<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">GeoSolutions S.A.S.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Via di Montramito 3/A<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">55054 Massarosa (LU)<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Italy<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">phone: <a href="tel:%2B39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">fax: <a href="tel:%2B39%200584%201660272" value="+3905841660272" target="_blank">+39 0584 1660272</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">mob: <a href="tel:%2B39%20331%206233686" value="+393316233686" target="_blank">+39 331 6233686</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><a href="http://www.geo-solutions.it" target="_blank">http://www.geo-solutions.it</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><a href="http://twitter.com/geosolutions_it" target="_blank">http://twitter.com/<wbr>geosolutions_it</a><u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">------------------------------<wbr>-------------------------<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><u></u> <u></u></span></p>
</div>
<div>
<p><b><span lang="IT" style="font-size:7.5pt">AVVERTENZE AI SENSI DEL D.Lgs. 196/2003</span></b><span style="font-size:9.5pt"><u></u><u></u></span></p>
<p><span lang="IT" style="font-size:7.5pt">Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.</span><span style="font-size:9.5pt"><u></u><u></u></span></p>
<p><span lang="IT" style="font-size:7.5pt"> </span><span style="font-size:9.5pt"><u></u><u></u></span></p>
<p><span style="font-size:7.5pt">The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative
Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval
of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept
liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.</span><span style="font-size:9.5pt"><u></u><u></u></span></p>
<p><span style="font-size:7.5pt">------------------------------<wbr>------------------------------<wbr>---------</span><span style="font-size:9.5pt"><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Tue, Nov 15, 2016 at 8:24 AM, Jonathan Doig <<a href="mailto:j.doig@unsw.edu.au" target="_blank">j.doig@unsw.edu.au</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Hi all<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">My Geoserver, inside Geonode 2.4 on Ubuntu 16.04, won’t let go of old admin passwords.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">I used manage.py createsuperuser to set the Geonode admin password when I did my manual install. Pretty sure that password then worked for logging into Geoserver as admin also.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">I’ve since changed the Geoserver admin password through the UI, twice, and also done so by calling manage.py changepassword directly and from ansible.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">In total I’ve used 2 new passwords. Both passwords, and the original one ‘geoserver’, now work when logging in as admin. Other random passwords do not.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">It’s not entirely clear but this may be the behaviour reported back in September in this post:<u></u><u></u></p>
<p class="MsoNormal"><a href="http://osgeo-org.1560.x6.nabble.com/Geo-server-Admin-Password-td5286411.html" target="_blank">http://osgeo-org.1560.x6.<wbr>nabble.com/Geo-server-Admin-<wbr>Password-td5286411.html</a><u></u><u></u></p>
<p class="MsoNormal"><span style="color:#888888"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#888888">Jonathan<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
______________________________<wbr>_________________<br>
geonode-devel mailing list<br>
<a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/geonode-devel" target="_blank">http://lists.osgeo.org/<wbr>mailman/listinfo/geonode-devel</a><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
<br>______________________________<wbr>_________________<br>
geonode-devel mailing list<br>
<a href="mailto:geonode-devel@lists.osgeo.org">geonode-devel@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">http://lists.osgeo.org/<wbr>mailman/listinfo/geonode-devel</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Simone </div>
</div>