tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: digesting passwords with the admin tool
Date Mon, 29 Sep 2003 11:28:10 GMT
Use JDBC-Realm, JNDI-Realm or another custom realm to achieve the password 
encryption you need. tomcat-user.xml is not meant for serious productional 
usage for maintaining (lots of) users and passwords.


Dirk Brockmann wrote:

> Hi List,
> I have just installed tomcat-4.1.27 and everything is working
> well. For security reasons I was trying to use MD5-digested passwords
> by means of the digest="MD5" keyword in the Memory Realm.
> Placing a digested password in the tomcat-user.xml file I can 
> authenticate myself
> for example to use the manager and admin webapps.
> However, if I use the admin tool in order to add a new user
> the password associated with the new user is written
> into the tomcat-user.xml file in clear text and consequently
> the new user cannot authenticate because digest="MD5" is defined
> in the Realm. Is there any way I can tell the admin tool
> to digest the passwords and then write them into the file.
> Any help would be greatly appreciated.
> Dirk

View raw message