tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harris, Jeffrey E." <Jeffrey.Har...@ManTech.com>
Subject RE: Need to Specify keystorePass on Command Line
Date Fri, 08 Feb 2013 16:02:52 GMT


> -----Original Message-----
> From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Sent: Friday, February 08, 2013 9:24 AM
> To: Tomcat Users List
> Subject: RE: Need to Specify keystorePass on Command Line
>
> > From: Harris, Jeffrey E. [mailto:Jeffrey.Harris@ManTech.com]
> > Subject: Need to Specify keystorePass on Command Line
>
> > However, for security reasons, I must specify the keystore password
> on
> > the command line.
>
> Before making your own life unnecessarily complicated, read this:
>
> http://wiki.apache.org/tomcat/FAQ/Password
>
> There's no additional security to be gained by placing the password in
> the Windows registry over having it in server.xml.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender and
> delete the e-mail and its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

Chuck,

First, I cannot store the password ANYWHERE on the system, which is why it needs to be entered
on the command line.  The ultimate goal is to pass the password from a remote system using
psexec to start the Tomcat service (preferably with the sc utility).  But if I cannot pass
the password locally, I obviously will not be successful remotely.

>From the FAQ, I modified the server.xml file to add the keystorePass as a variable:  keystorePass="${ks.password}",
and then tried to use an environment variable to store the keystore password, either using
the set command or the
--ENVIRONMENT directive.  I thought the set command worked once, but I was not able to reproduce
the behavior.

So my original question remains - is there a way to specify the keystore password on the command
line, and not in the registry or a configuration file on the server hosting Tomcat?

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein
and may contain proprietary information. If you are not the intended recipient of this e-mail
or believe that you received this email in error, please take immediate action to notify the
sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments
from your computer; and do not disseminate, distribute, use, or copy this message and any
attachments.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message