Installing WebKeePass on a Debian Server

WebKeePass is a web-based Java port of the KeePass project – free, awesome and open-source password manager. We will install WebKeePass manager and configure it to use OpenLDAP server for user authentication.

[Update 2016] The WebKeePass project looks dead.

Install Java

We will be installing WebKeePass on a Debian Wheezy server. Update packages list and install Java:

# apt-get update && apt-get install wget openjdk-6-jdk unzip vim

Find out where Java is installed:

# find / -name java | grep -i jdk
/usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
/usr/lib/jvm/java-6-openjdk-amd64/bin/java

Export JAVA_HOME (it didn’t work for me otherwise):

# export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64

Install WebKeePass

Download the installation file:

# cd ~ 
# wget http://kent.dl.sourceforge.net/project/webkeepass/WebKeePass-3.121122.zip

Unzip the archive:

# unzip ./WebKeePass-3.121122.zip

Change to:

# cd ./WebKeePass-3.121122

Make installation file executable:

# chmod u+x ./Install-no-gui.sh

And run the installation script:

# ./Install-no-gui.sh

You will be prompted to agree to the LGPL; asked for the installation and Java home directories, the tomcat ports, and to create some users and specify the encryption algorithm:

Do You Agree? [Y or N] :Y
Installation Path: /usr/local/webkeepass-3.12
JAVA_HOME' Path: /usr/lib/jvm/java-6-openjdk-amd64
Web KeePass Admin/Root UserID: [root]
Admin/Root Password: ********
Web KeePass Standard UserID: [user]
Standard User Password: ********
Tomcat HTTPS/SSL Port: [8443]
Tomcat Shutdown Port: [9444]
Your Host Name: [localhost]
Select Cipher: [1]
 1 = Blowfish
 2 = DESede
 3 = TripleDES
 4 = AES
 5 = DES
4
********************************************************
* Installation Detail
* Installation Path: /usr/local/webkeepass-3.12/
* JAVA_HOME: /usr/lib/jvm/java-6-openjdk-amd64/
* Web KeePass Admin/Root UserID: root
* Password: ***********
* Web KeePass Standard UserID: user
* Password: ***********
* Tomcat HTTPS/SSL Port: 8443
* Tomcat Shutdown Port: 9444
* Host Name: localhost
* Cipher: 4
********************************************************
[...]
**** Complete!
 1 - Start Tomcat: /usr/local/webkeepass-3.12/
 2 - point your web browser to : https://localhost:8443
 3 - point your mobile device to https://localhost:8443/iphone
(*note: If reinstallation is required, you must first delete the target installation folder)

Start Tomcat and WebKeePass

Navigate to the WebKeePass installation drectory:

# cd /usr/local/webkeepass-3.12

Make startup scrips executable:

# chmod u+x ./startup.sh
# chmod u+x ./jakarta-tomcat-5.5.7/bin/*.sh

Start WebKeePass:

# ./startup.sh
Using CATALINA_BASE: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
Using CATALINA_HOME: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
Using CATALINA_TMPDIR: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/temp
Using JAVA_HOME: /usr/lib/jvm/java-6-openjdk-amd64

Note: TCP 8443 port has to be open on a firewall to be able to get access from the public network:

# iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

Open a web browser and navigate to https://localhost:8443. We should see the web login screen:

webkeepass-login

Once successfully logged in, we’ll get to the WebUI:

webkeepass_webui

We can stop WebKeePass service by running the shutdown script:

# /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/bin/shutdown.sh

Configure WebKeePass to Use OpenLDAP

Open the WebKeePassConf.xml config file:

# vim /usr/local/webkeepass-3.12/conf/WebKeePassConf.xml

And change the LDAP section depending appropriately:

<LDAP_CONFIG>
<LDAP>true</LDAP>
<LDAP_Group>Users</LDAP_Group>
<principalDNPrefix>uid=</principalDNPrefix>
<principalDNSuffix>,ou=Users,dc=lisenet.com,o=top</principalDNSuffix>
<java.naming.provider.url>ldap://127.0.0.1:389</java.naming.provider.url>
<java.naming.security.authentication>simple</java.naming.security.authentication>
<java.naming.factory.initial>com. sun. jndi. ldap. LdapCtxFactory</java.naming.factory.initial>
</LDAP_CONFIG>

There are no spaces when defining java.naming.factory.initial.

Note to myself: WebKeePass takes the user ID that is entered by the user, and simply surrounds it with the <principalDNPrefix> and the <principalDNSuffix> to create the DN to authenticate to.

Troubleshooting

If something doesn’t work as expected, the first place to check is a catalina log:

# tail -f /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/logs/catalina_log.[DATE].txt

Create Simple WebKeePass Launch Scripts

It may get hard to remember where the default startup and shutdown scripts are placed, therefore we will create ones for ourselves. Open an empty file:

# vim /usr/local/sbin/webkeepass-start.sh

And add the following:

#!/bin/bash
unset JAVA_HOME
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64
cd /usr/local/webkeepass-3.12
./startup.sh

Save the file and make the script executable:

# chmod 0750 /usr/local/sbin/webkeepass-start.sh

Now we can start WebKeePass by simply typing:

# webkeepass-start.sh

Let’s do the same for shutdown:

# vim /usr/local/sbin/webkeepass-stop.sh

Add the following:

#!/bin/bash
unset JAVA_HOME
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64
/usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/bin/shutdown.sh

Save the file and make it executable:

# chmod 0750 /usr/local/sbin/webkeepass-stop.sh

We can stop WebKeePass by typing:

# webkeepass-stop.sh

11 thoughts on “Installing WebKeePass on a Debian Server

  1. If try https:// example.com:8443 Firefox says: plugin needed
    Tested with differnd Browesers, always the same, if i try https:// example.com:8443/iphone then its o.k.

    • WebKeePass is a Java based software, so your browser needs to support, well, Java. You may want to check the IcedTea-Web web-browser plugin, it executes Java applets.

  2. I completely install like you tell in above successfully but when we try to login get error after login
    Network Request
    server connection reset – try again later

    if you have solution please provide

    • I no longer use WebKeePass, but this may help:

      “This error comes from the point that the project it partially compiled with JDK/Java 1.7

      You have to change your java version to 1.7 to run WebKeePass.”

    • which password manager solution did you opt to switch to instead of keepass?
      also, how is it better than keepass?

    • I would not like to disclose it here due to NSA reasons etc, but KeePassX is a good alternative to WebKeePass for those not requiring a web front-end.

  3. I have successfully installed it on a Raspberry Pi2 running Debian Jessie prepared by Sjoerd Simons. I used Java7-jdk withouth any issue except that I noticed that Google Chrome does not make the Java app runnning: “The Plugin is not supported”. Internet Explorer, adding the url to the Java white list and accepting the ssl certificate failure, makes it running instead.

    I have one trivial problem though:

    How can I point WebKeePass to a file residing on an NFS mount?

    Finally, as WebKeePass is no longer supported, is there any other solution I can use to access my KeePass db from web (I have very restrictive firewall policies at work and therefore I cannot open the db with the Open from URL… option).

    Thanks,

    giopas

Comments are closed.