Installing WebKeePass on a Debian Server | Lisenet.com :: Linux | Security

WebKeePass is a web-based Java port of the KeePass project – free, awesome and open-source password manager. We will install WebKeePass manager and configure it to use OpenLDAP server for user authentication.

[Update 2016] The WebKeePass project looks dead.

Install Java

We will be installing WebKeePass on a Debian Wheezy server. Update packages list and install Java:

# apt-get update && apt-get install wget openjdk-6-jdk unzip vim

Find out where Java is installed:

# find / -name java | grep -i jdk
/usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
/usr/lib/jvm/java-6-openjdk-amd64/bin/java

Export JAVA_HOME (it didn’t work for me otherwise):

# export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64

Install WebKeePass

Download the installation file:

# cd ~ 
# wget http://kent.dl.sourceforge.net/project/webkeepass/WebKeePass-3.121122.zip

Unzip the archive:

# unzip ./WebKeePass-3.121122.zip

Change to:

# cd ./WebKeePass-3.121122

Make installation file executable:

# chmod u+x ./Install-no-gui.sh

And run the installation script:

# ./Install-no-gui.sh

You will be prompted to agree to the LGPL; asked for the installation and Java home directories, the tomcat ports, and to create some users and specify the encryption algorithm:

Do You Agree? [Y or N] :Y
Installation Path: /usr/local/webkeepass-3.12
JAVA_HOME' Path: /usr/lib/jvm/java-6-openjdk-amd64
Web KeePass Admin/Root UserID: [root]
Admin/Root Password: ********
Web KeePass Standard UserID: [user]
Standard User Password: ********
Tomcat HTTPS/SSL Port: [8443]
Tomcat Shutdown Port: [9444]
Your Host Name: [localhost]
Select Cipher: [1]
 1 = Blowfish
 2 = DESede
 3 = TripleDES
 4 = AES
 5 = DES
4
********************************************************
* Installation Detail
* Installation Path: /usr/local/webkeepass-3.12/
* JAVA_HOME: /usr/lib/jvm/java-6-openjdk-amd64/
* Web KeePass Admin/Root UserID: root
* Password: ***********
* Web KeePass Standard UserID: user
* Password: ***********
* Tomcat HTTPS/SSL Port: 8443
* Tomcat Shutdown Port: 9444
* Host Name: localhost
* Cipher: 4
********************************************************
[...]
**** Complete!
 1 - Start Tomcat: /usr/local/webkeepass-3.12/
 2 - point your web browser to : https://localhost:8443
 3 - point your mobile device to https://localhost:8443/iphone
(*note: If reinstallation is required, you must first delete the target installation folder)

Start Tomcat and WebKeePass

Navigate to the WebKeePass installation drectory:

# cd /usr/local/webkeepass-3.12

Make startup scrips executable:

# chmod u+x ./startup.sh
# chmod u+x ./jakarta-tomcat-5.5.7/bin/*.sh

Start WebKeePass:

# ./startup.sh
Using CATALINA_BASE: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
Using CATALINA_HOME: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
Using CATALINA_TMPDIR: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/temp
Using JAVA_HOME: /usr/lib/jvm/java-6-openjdk-amd64

Note: TCP 8443 port has to be open on a firewall to be able to get access from the public network:

# iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

Open a web browser and navigate to https://localhost:8443. We should see the web login screen:

Once successfully logged in, we’ll get to the WebUI:

We can stop WebKeePass service by running the shutdown script:

# /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/bin/shutdown.sh

Configure WebKeePass to Use OpenLDAP

Open the WebKeePassConf.xml config file:

# vim /usr/local/webkeepass-3.12/conf/WebKeePassConf.xml

And change the LDAP section depending appropriately:

<LDAP_CONFIG>
<LDAP>true</LDAP>
<LDAP_Group>Users</LDAP_Group>
<principalDNPrefix>uid=</principalDNPrefix>
<principalDNSuffix>,ou=Users,dc=lisenet.com,o=top</principalDNSuffix>
<java.naming.provider.url>ldap://127.0.0.1:389</java.naming.provider.url>
<java.naming.security.authentication>simple</java.naming.security.authentication>
<java.naming.factory.initial>com. sun. jndi. ldap. LdapCtxFactory</java.naming.factory.initial>
</LDAP_CONFIG>

There are no spaces when defining java.naming.factory.initial.

Note to myself: WebKeePass takes the user ID that is entered by the user, and simply surrounds it with the <principalDNPrefix> and the <principalDNSuffix> to create the DN to authenticate to.

Troubleshooting

If something doesn’t work as expected, the first place to check is a catalina log:

# tail -f /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/logs/catalina_log.[DATE].txt

Create Simple WebKeePass Launch Scripts

It may get hard to remember where the default startup and shutdown scripts are placed, therefore we will create ones for ourselves. Open an empty file:

# vim /usr/local/sbin/webkeepass-start.sh

And add the following:

#!/bin/bash
unset JAVA_HOME
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64
cd /usr/local/webkeepass-3.12
./startup.sh

Save the file and make the script executable:

# chmod 0750 /usr/local/sbin/webkeepass-start.sh

Now we can start WebKeePass by simply typing:

# webkeepass-start.sh

Let’s do the same for shutdown:

# vim /usr/local/sbin/webkeepass-stop.sh

Add the following:

#!/bin/bash
unset JAVA_HOME
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64
/usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/bin/shutdown.sh

Save the file and make it executable:

# chmod 0750 /usr/local/sbin/webkeepass-stop.sh

We can stop WebKeePass by typing:

# webkeepass-stop.sh

11 thoughts on “Installing WebKeePass on a Debian Server”

Raman says:

19/08/2014 at 11:32 am

Clean & to the point, work fine for me under CentOS. Thanx.
- Lisenet says:
  
  19/08/2014 at 12:37 pm
  
  Glad you found it useful.
Paule says:

26/09/2014 at 1:17 pm

Nothing, Firefox needs an Plugin
- Lisenet says:
  
  26/09/2014 at 5:17 pm
  
  Not constructive enough to understand your problem.
Paule says:

26/09/2014 at 6:51 pm

If try https:// example.com:8443 Firefox says: plugin needed
Tested with differnd Browesers, always the same, if i try https:// example.com:8443/iphone then its o.k.
- Lisenet says:
  
  26/09/2014 at 7:59 pm
  
  WebKeePass is a Java based software, so your browser needs to support, well, Java. You may want to check the IcedTea-Web web-browser plugin, it executes Java applets.
bakul says:

08/04/2015 at 7:43 am

I completely install like you tell in above successfully but when we try to login get error after login
Network Request
server connection reset – try again later

if you have solution please provide
- Lisenet says:
  
  08/04/2015 at 12:12 pm
  
  I no longer use WebKeePass, but this may help:
  
  “This error comes from the point that the project it partially compiled with JDK/Java 1.7
  
  You have to change your java version to 1.7 to run WebKeePass.”
- vmi says:
  
  11/06/2015 at 10:53 pm
  
  which password manager solution did you opt to switch to instead of keepass?
  also, how is it better than keepass?
- Lisenet says:
  
  11/06/2015 at 11:11 pm
  
  I would not like to disclose it here due to NSA reasons etc, but KeePassX is a good alternative to WebKeePass for those not requiring a web front-end.
giopas says:

09/08/2015 at 11:40 pm

I have successfully installed it on a Raspberry Pi2 running Debian Jessie prepared by Sjoerd Simons. I used Java7-jdk withouth any issue except that I noticed that Google Chrome does not make the Java app runnning: “The Plugin is not supported”. Internet Explorer, adding the url to the Java white list and accepting the ssl certificate failure, makes it running instead.

I have one trivial problem though:

How can I point WebKeePass to a file residing on an NFS mount?

Finally, as WebKeePass is no longer supported, is there any other solution I can use to access my KeePass db from web (I have very restrictive firewall policies at work and therefore I cannot open the db with the Open from URL… option).

Thanks,

giopas

Comments are closed.