Here’s a quick howto on installing WebPasswordSafe on CentOS 6 with Tomcat.
Prerequisite:
You’ll need Java set up correctly with JCE installed, and I assume that Tomcat is already installed. You can consult the documentation I wrote:
Howto install Tomcat 7 on centos 6
I will describe the steps I took. Feel free to tell me if there’s something to fix; it’s possible your setup is slightly different.
- Install CentOS with at least these packages/groups: @Base, mysql-server2 and mysql-connector-java.noarch
- Don’t forget to run mysql_secure_installation and change the root password.
- Not sure on this one, because my system is kickstarted and automatically added to the repo, but you’ll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )
- Download the webpasswordsafe WAR from Google Code: https://code.google.com/p/webpasswordsafe/downloads/list
Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:
# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*
If you see a file there, skip the copy, you already have the JDBC driver installed.
# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/
Now we will create the database needed by WebPasswordSafe and the user it will use to connect, plus its permissions.
# mysql -u root -p
mysql> create database webpasswordsafe;
mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
mysql> grant usage on webpasswordsafe.* to wps@localhost;
mysql> flush privileges;
mysql> exit
Now we will deploy the WAR for the first time, and configure some settings:
Stop Tomcat if it is running:
# /etc/init.d/tomcat-webpasswordsafe stop
Copy the WAR into the webapps directory of your Tomcat install and rename it there:
# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3.war
Start Tomcat:
# /etc/init.d/tomcat-webpasswordsafe start
Now let’s configure a few basic settings:
Set a new secret key at encryptor.jasypt.password
# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties
Edit the config to access the database:
# vim WEB-INF/jdbc.properties
Set the db user keys:
jdbc.username=wps
jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE
Uncomment the MySQL config:
# MySQL/MariaDB settings
hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
jdbc.validationQuery=select 1
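One way to script the two edits above on a fresh install, as an added example that is not part of the original howto or of the WebPasswordSafe project: it writes a random value to encryptor.jasypt.password, sets the wps credentials in jdbc.properties, and removes world access from both files. The function names and the WPS_DB_PASSWORD variable are assumptions.

```shell
#!/bin/sh
# Added example; function names and WPS_DB_PASSWORD are hypothetical.

# 32 random bytes as 64 hex characters (hex needs no .properties escaping).
gen_secret() { od -An -tx1 -N32 /dev/urandom | tr -d ' \n'; }

# set_prop FILE KEY VALUE: replace every active (uncommented) definition of KEY
# with KEY=VALUE, or append one if none exists. The file is rewritten in place,
# so its owner is kept. VALUE is written literally; a value containing
# backslashes would still need .properties escaping.
set_prop() {
    file=$1
    tmp=$(mktemp) || return 1
    K=$2 V=$3 awk '
        BEGIN { k = ENVIRON["K"]; v = ENVIRON["V"] }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*[=:]/) {
                if (!done) print k "=" v      # first hit: write the new value
                done = 1                      # later duplicates are dropped
            } else print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# harden_wps_config WEBINF_DIR: fresh Jasypt key, DB credentials for the wps
# user, and no world access to the two files that now hold secrets.
harden_wps_config() {
    webinf=$1
    [ -n "$WPS_DB_PASSWORD" ] || { echo "set WPS_DB_PASSWORD first" >&2; return 1; }
    set_prop "$webinf/encryption.properties" encryptor.jasypt.password "$(gen_secret)" || return 1
    set_prop "$webinf/jdbc.properties" jdbc.username wps || return 1
    set_prop "$webinf/jdbc.properties" jdbc.password "$WPS_DB_PASSWORD" || return 1
    chmod o-rwx "$webinf/encryption.properties" "$webinf/jdbc.properties"
}

# Usage with the path from this howto (run as root, before the restart):
#   WPS_DB_PASSWORD='...' harden_wps_config \
#       /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3/WEB-INF
```

The MySQL/MariaDB block in jdbc.properties still has to be uncommented by hand; the functions only touch the three keys named above.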
Now restart Tomcat and we’ll see if everything works:
# /etc/init.d/tomcat-webpasswordsafe restart
Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/
If you are using the default LocalAuthenticator the user/pass are: admin/admin
That’s it for the install. Check the Admin Guide for more information regarding all the different options available in the config files. I will probably add another post to configure the LDAP connector and other features.
Be sure to set up an SSL connection if you want to use this in production. You don’t want to access your password manager via http. You are going to store all your passwords there, so double-check EVERYTHING: root password, MySQL, SSL. Ensure that you have the minimum services running on this host; enabling iptables and SELinux could be a great idea.
Note:
- Here’s the admin documentation http://webpasswordsafe.googlecode.com/svn/trunk/docs/AdministratorGuide.html
- Thanks to Jonathon, who posted the steps he took to install WebPasswordSafe on Debian in the group. ( https://groups.google.com/d/msg/webpasswordsafe/IUTko0NGuv4/UANDeTbFnsEJ )
After copying the war file to the webapp directory your directions say to move (rename) the file, but it doesn’t include the path so it just renames the source file.
Later, when setting the secret key, you instruct to cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3 when in fact /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3 is a war file not a directory? EDIT: You should specify that this needs to be extracted.
Being a .war file, it will be extracted by the Tomcat server; no need to extract manually.