tomcat-users mailing list archives

From Guy <>
Subject Re: encrypting passwords in tomcat-users.xml
Date Wed, 22 Nov 2017 18:50:21 GMT
Maybe I should ask this in a different way: what are the steps to use 
encrypted passwords in tomcat-users.xml under Tomcat 8.0.14? I know what 
they are in Tomcat 8.0.37. They're both versions of Tomcat 8.0.x, so why 
does something that works in one not work in the other? Does the 
server.xml configuration need to be different?

Here are some specifics on how I'm running

As you will see, they are different. The newer version has more 
arguments, and produces a different output, in the format 

First, on Mac with apache-tomcat-8.0.37:

% ./ secret

% ./
Usage: RealmBase [-a <algorithm>] [-e <encoding>] [-i <iterations>] [-s <salt-length>] [-k <key-length>] [-h <handler-class-name>] <credentials>

I believe this is defaulting to SHA-512 as per the docs and the fact 
that it worked when I configured the Realm to use SHA-512 with the 

Next, on Linux with apache-tomcat-8.0.14-1:

# ./ secret
Usage: RealmBase -a <algorithm> [-e <encoding>] <credentials>
# ./ -a SHA-512 secret

So, something in the underlying RealmBase class is different, and I 
can't get this output (or anything) to work on this server. There's also 
a warning in the log:

org.apache.tomcat.util.digester.Digester.endElement   No rules found matching 'Server/Service/Engine/Realm/Realm/CredentialHandler'.

which leads me to believe the server.xml configuration needs to be 
different for this version too. However, none of this is indicated in 
the documentation. I'm at a complete loss.
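
The mismatch between the two tools' output, shown as an added example; it is not part of the original message and is not Tomcat code. It assumes the newer tool emits the salt$iterations$digest layout (hex salt, hex digest) documented for Tomcat's MessageDigestCredentialHandler and the older tool a bare hex digest; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

def tomcat_digest(algorithm, iterations, password, salt=b""):
    """Hash password+salt once, then re-hash the result iterations-1 times
    (assumed iteration scheme, see lead-in)."""
    name = algorithm.replace("-", "").lower()      # "SHA-512" -> "sha512"
    out = hashlib.new(name, password.encode("utf-8") + salt).digest()
    for _ in range(iterations - 1):
        out = hashlib.new(name, out).digest()
    return out.hex()

def classify(stored):
    """Split a stored credential into ('salted', salt, iterations, digest)
    or ('plain', digest), based on the '$' separators."""
    parts = stored.split("$")
    if len(parts) == 3:
        return ("salted", bytes.fromhex(parts[0]), int(parts[1]), parts[2])
    return ("plain", stored)

def matches(algorithm, password, stored):
    """Verify a password against either layout with a constant-time compare."""
    kind, *fields = classify(stored)
    if kind == "salted":
        salt, iterations, digest = fields
        candidate = tomcat_digest(algorithm, iterations, password, salt)
    else:
        (digest,) = fields
        candidate = tomcat_digest(algorithm, 1, password)
    return hmac.compare_digest(candidate, digest.lower())

def plain_only_matches(algorithm, password, stored):
    """A verifier that only understands the bare hex layout: it hashes the
    password and compares it with the whole stored string."""
    return hmac.compare_digest(tomcat_digest(algorithm, 1, password),
                               stored.lower())

# Constructed sample values, not output captured from any digest tool run.
SALT = bytes(range(32))
PLAIN = tomcat_digest("SHA-512", 1, "secret")
SALTED = f"{SALT.hex()}$1${tomcat_digest('SHA-512', 1, 'secret', SALT)}"

if __name__ == "__main__":
    for label, stored in (("plain", PLAIN), ("salted", SALTED)):
        print(label, "layout-aware:", matches("SHA-512", "secret", stored),
              "plain-only:", plain_only_matches("SHA-512", "secret", stored))
```

A verifier that only knows the bare hex layout rejects the correct password for the salted string, so a credential has to be generated in the layout the running server's realm actually checks.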
