tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kurt Heberlein <ku...@3pardata.com>
Subject RE: Digested passwords stored in tomcat-users.xml by admin application?
Date Wed, 22 Jul 2009 22:17:24 GMT
Thanks Chuck -

  Sorry - yes v5.5, and i am referring to the admin webapp that came
with it.  I have to allow for end-users that don't want to use LDAP, nor
another DB (I know it is stupid).  So i was hoping there was a way to
make the admin app write the passwords in digest form.

Thanks -Kurt

On Wed, 2009-07-22 at 15:05 -0700, Caldarale, Charles R wrote:
> > From: Kurt Heberlein [mailto:kurth@3pardata.com]
> > Subject: Digested passwords stored in tomcat-users.xml by admin
> > application?
> >
> > is there a way to make the admin application
>
> If you're referring to the admin application that comes with older
> versions of Tomcat, that's a dead end.  (Note that you didn't bother
> to tell us what version of Tomcat you're using.)
>
> > Each new user created gets put in the file with a
> > cleartext password.
>
> What file?  If you're referring to conf/tomcat-users.xml, you should
> not be using that in production.  Better to configure a proper <Realm>
> with some sort of database or LDAP server behind it:
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender
> and delete the e-mail and its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>


This email and any attachments thereto may contain private, confidential, and privileged material
for the sole use of the intended recipient. Any review, copying, or distribution of this email
(or any attachments) by others is strictly prohibited. If you are not the intended recipient,
please contact the sender immediately and permanently delete the original and any copies of
this email and any attachments thereto.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message